Details
Description
Currently, the login page for both Admin/Dev Portals is permitting to automatically enter or select a value for the username/password fields. Both username and password fields in the login page are not set the autocomplete attribute to off by default (if not explicit set to "off" in the <input> element it will set to "on" by default).
The Web form contains passwords or other sensitive text fields for which the browser autocomplete feature is enabled. Autocomplete stores completed form field and passwords locally in the browser, so that these fields are filled automatically when the user visits the site again.
Sensitive data and passwords can be stolen if the user's system is compromised. Note, however, that form autocomplete is a non-standard, browser-side feature that each browser handles differently. Opera, for example, disregards the feature, requiring the user to enter credentials for each Web site visit.
Is it feasible considering to make something configurable for the non-sensitive fields or even set them to off and let users enable it according to their own browser settings?
Dev Notes: For now we will set autocomplete to "off" for the login page. Any other opinions should be discussed in THREESCALE-8731.
Attachments
Issue Links
- is cloned by
-
THREESCALE-8731 Autocomplete attribute is set to "on" for the credentials fields in the login page
- Closed
- is related to
-
THREESCALE-8731 Autocomplete attribute is set to "on" for the credentials fields in the login page
- Closed
- mentioned on