You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Velmurugan Periasamy (JIRA)" <ji...@apache.org> on 2014/09/18 06:51:34 UTC
[jira] [Updated] (ARGUS-66) Set autocomplete off for fields that
contains sensitive data
[ https://issues.apache.org/jira/browse/ARGUS-66?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Velmurugan Periasamy updated ARGUS-66:
--------------------------------------
Assignee: Selvamohan Neethiraj (was: Velmurugan Periasamy)
> Set autocomplete off for fields that contains sensitive data
> ------------------------------------------------------------
>
> Key: ARGUS-66
> URL: https://issues.apache.org/jira/browse/ARGUS-66
> Project: Argus
> Issue Type: Bug
> Reporter: Velmurugan Periasamy
> Assignee: Selvamohan Neethiraj
>
> Summary :
> The form in login.jsp uses auto completion on line 55, which allows some browsers to retain sensitive information in their history.Auto completion of forms allows some browsers to retain sensitive information in their history.
> Explanation :
> With auto completion enabled, some browsers retain user input across sessions, which could allow someone using the computer after the initial user to see information previously submitted.
> Recommendation :
> Explicitly disable auto completion on forms or sensitive inputs. By disabling auto completion, information previously entered will not be presented back to the user as they type. It will also disable the "remember my password" functionality of most major browsers.
> How to verify:
> When Logging into the system, browser shouldn't allow to the user to save the password. Currently browser is asking the user to save the password.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)