[rt-users] Login password save

Tom Lahti toml at bitstatement.net
Thu Sep 24 15:34:04 EDT 2009


>> Has anyone ever come across an extension or made a login password saver
>> using cookies? I'm just wondering I had a few users ask about saving
>> their login password.

> Evil bad awful idea.

... because anyone with physical access to their computer can create RT
transactions as the user with the saved password without having to know the
password.

Even without doing that, the session length presents the same issue if users
do not lock their workstations when they leave their desk.  Here I have an
alias set up that emails the whole company; if I find an employee has left
their workstation unlocked, I send out a company-wide email from them with
some silly statement  ("I watch Sesame Street" is a favorite).  Needless to
say, no one hardly ever does that anymore :)

-- 
-- ============================
   Tom Lahti
   BIT Statement LLC

   (425)251-0833 x 117
   http://www.bitstatement.net/
-- ============================



More information about the rt-users mailing list