You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Arun Patidar (JIRA)" <ji...@apache.org> on 2017/07/22 11:01:00 UTC

[jira] [Resolved] (OFBIZ-9471) Set autocomplete to off for all the password fields.

     [ https://issues.apache.org/jira/browse/OFBIZ-9471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arun Patidar resolved OFBIZ-9471.
---------------------------------
    Resolution: Fixed

IMO, these changes are kind of improvements, so should not back port. So closing this ticket.

Thanks Jacques and Michael for your comment. 

> Set autocomplete to off for all the password fields.
> ----------------------------------------------------
>
>                 Key: OFBIZ-9471
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9471
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>            Reporter: Ritesh Kumar
>            Assignee: Arun Patidar
>            Priority: Minor
>              Labels: backport-needed
>             Fix For: Upcoming Release
>
>         Attachments: OFBIZ-9471-FRAMEWORK.patch, OFBIZ-9471-PLUGIN.patch
>
>
> The login and Forget password screens have password inputs. It is a best practice to disable autocomplete on the password field as it will avoid caching sensitive data on client site (CC numbers) and avoid storing the password in an insecure and hackable client-site database.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)