Furthermore: today, clients can fill out login forms automatically. It is a much safer approach:
a) the user decides when he wants to store sensitive information on the client (e.g. not on a browser in some internet cafe)
b) the user has a clear warning and a message ("Do you want to store that login information?") that he has seen before, not some obscure Remember Me checkbox with an unknown implementation he can't control
c) the user can apply local measures to improve security; for example, my remembered login form data is stored in a master-password protected wallet (Safari + OS X)
d) it's much harder for attackers to abuse this functionality for phishing: you'd need DNS spoofing to get the victim to a malicious webpage with a faked domain, so that the client auto-fills the attacker's form
Having said that, we might add the "trusted client" Remember Me to Seam, but only with big red warning lights.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018118#...
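The post's closing remark about a "trusted client" Remember Me is the motivation for the following added example. It is not Seam's code and not the poster's; it is an illustration of the server-side shape such a feature needs if it is to deserve anything less than big red warning lights: the cookie carries only random values (never the password), the server stores only a hash of the secret half, records expire and can be revoked, and a known series presented with a wrong secret is treated as a copied cookie and revoked. The in-memory map, the class and method names, and the "series:token" cookie layout are assumptions for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * Added illustration, not Seam's code: a server-side design for a
 * "trusted client" Remember Me cookie. The browser receives "series:token";
 * the server keeps the series as a lookup key and only a SHA-256 hash of the
 * token, so a leaked store does not yield usable cookies.
 */
public class RememberMeTokens {

    /** What the server keeps per issued cookie. */
    private static final class Record {
        final String user;
        byte[] tokenHash;
        final long expiresAt;
        Record(String user, byte[] tokenHash, long expiresAt) {
            this.user = user;
            this.tokenHash = tokenHash;
            this.expiresAt = expiresAt;
        }
    }

    /** Outcome of presenting a valid cookie: the user plus a rotated cookie value. */
    public static final class Login {
        public final String user;
        public final String refreshedCookie;
        Login(String user, String refreshedCookie) {
            this.user = user;
            this.refreshedCookie = refreshedCookie;
        }
    }

    // Hypothetical in-memory store keyed by series; a real deployment would persist it.
    private final Map<String, Record> bySeries = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    /** Issue a cookie value only after the user explicitly opted in. */
    public String issue(String user, long nowMillis, long ttlMillis) {
        String series = randomString(16);
        String token = randomString(32);
        bySeries.put(series, new Record(user, sha256(token), nowMillis + ttlMillis));
        return series + ":" + token;
    }

    /** Returns null for unknown, expired or mismatched cookies; rotates the token on success. */
    public Login validate(String cookie, long nowMillis) {
        int sep = cookie == null ? -1 : cookie.indexOf(':');
        if (sep <= 0) return null;
        String series = cookie.substring(0, sep);
        String token = cookie.substring(sep + 1);
        Record rec = bySeries.get(series);
        if (rec == null) return null;
        if (nowMillis > rec.expiresAt) {
            bySeries.remove(series);
            return null;
        }
        // Constant-time comparison so a wrong token does not leak how much of it matched.
        if (!MessageDigest.isEqual(rec.tokenHash, sha256(token))) {
            // Known series with the wrong secret: assume the cookie was copied and revoke it.
            bySeries.remove(series);
            return null;
        }
        String fresh = randomString(32);
        rec.tokenHash = sha256(fresh);
        return new Login(rec.user, series + ":" + fresh);
    }

    /** Explicit logout or "forget this client" must invalidate the server-side record. */
    public void revoke(String series) {
        bySeries.remove(series);
    }

    private String randomString(int byteLength) {
        byte[] b = new byte[byteLength];
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        RememberMeTokens store = new RememberMeTokens();
        long now = System.currentTimeMillis();
        String cookie = store.issue("alice", now, 14L * 24 * 3600 * 1000);
        Login first = store.validate(cookie, now + 1000);   // accepted, token rotated
        Login replay = store.validate(cookie, now + 2000);  // old token reused: rejected, series revoked
        Login again = store.validate(first.refreshedCookie, now + 3000); // series gone: rejected
        System.out.println(first.user + " " + (replay == null) + " " + (again == null));
    }
}
```

The cookie itself should additionally be sent with the Secure and HttpOnly attributes and a bounded Max-Age matching the server-side expiry; none of that changes the point above, which is that the client holds nothing an attacker could reuse against a different site, and that the user-visible opt-in the post asks for has a concrete, revocable server-side counterpart.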