Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
Topic closed
#1 2007-05-11 05:05:51
- saccade
- Plugin Author
- From: Neubeuern, Germany
- Registered: 2004-11-05
- Posts: 521
Security: Firefox autocomplete (form fill) and textpattern login
Yesterday I had an odd effect on a textpattern login page:
A friend visited me and wanted some advice on his textpattern site.
When I went to the backend of his site and put the cursor into the “Name”-field of the login, his username was presented by Firefox’ autocomplete choice. It wasn’t a common word – and it has never been entered on my site!
So: How did Firefox get any notice about a word entered from an entirely different location?
Isn’t there an issue of security?
Normally I wouldn’t want that anything I put into my fields would show up on another users computer.
Any experience here?
Offline
#2 2007-05-11 05:36:21
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Security: Firefox autocomplete (form fill) and textpattern login
Please follow clearly posted guidelines. Naughty people read the forum.
Textpattern doesn’t do anything of that sort.
There are a couple possibilities: a rogue plugin (or plugins) or a modified installation. Please send me a copy of the diagnostics.
Either way, you would still need the password to gain entrance, knowing a username alone won’t get you anywhere.
Please continue discussion of this problem at security at textpattern dot com. I’m closing this thread.
Offline
#3 2007-05-12 19:24:37
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Security: Firefox autocomplete (form fill) and textpattern login
All clear. No vulnerability found. :)
Offline
Pages: 1
Topic closed