You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Velmurugan Periasamy (JIRA)" <ji...@apache.org> on 2014/09/18 03:15:33 UTC

[jira] [Created] (ARGUS-66) Set autocomplete off for fields that contains sensitive data

Velmurugan Periasamy created ARGUS-66:
-----------------------------------------

             Summary: Set autocomplete off for fields that contains sensitive data
                 Key: ARGUS-66
                 URL: https://issues.apache.org/jira/browse/ARGUS-66
             Project: Argus
          Issue Type: Bug
            Reporter: Velmurugan Periasamy


Summary :
The form in login.jsp uses auto completion on line 55, which allows some browsers to retain sensitive information in their history.Auto completion of forms allows some browsers to retain sensitive information in their history.

Explanation :
With auto completion enabled, some browsers retain user input across sessions, which could allow someone using the computer after the initial user to see information previously submitted.

Recommendation :
Explicitly disable auto completion on forms or sensitive inputs. By disabling auto completion, information previously entered will not be presented back to the user as they type. It will also disable the "remember my password" functionality of most major browsers.

How to verify:
When Logging into the system, browser shouldn't allow to the user to save the password.  Currently browser is asking the user to save the password.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)