You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by gi...@git.apache.org on 2017/09/01 10:17:25 UTC
[GitHub] alxndrsn opened a new issue #976: Browser autocomplete stores db passwords
alxndrsn opened a new issue #976: Browser autocomplete stores db passwords
URL: https://github.com/apache/couchdb-fauxton/issues/976
If using basic auth, the replication page in Fauxton on couch 2.0 stores database passwords.
Checked on Chrome, Firefox.
## Expected Behavior
Database passwords probably shouldn't be stored in my browser.
## Current Behavior
### Chrome
<img width="618" alt="screen shot 2017-09-01 at 12 12 15" src="https://user-images.githubusercontent.com/191496/29965733-1b4f2ac0-8f0f-11e7-92fd-e7ae63080f04.png">
### Firefox
<img width="516" alt="screen shot 2017-09-01 at 11 49 27" src="https://user-images.githubusercontent.com/191496/29965738-1fe5321e-8f0f-11e7-9e2d-72c809dcde18.png">
## Possible Solution
Add `autocomplete="off"` attribute to `<input>` elements which are not `type="password"` but may include passwords.
## Steps to Reproduce (for bugs)
1. go to fauxton replication page
2. start a replication to a remote server
3. reload the replication page
4. start typing in the remote server URL box
5. observe old URLs including basic auth credentials
## Your Environment
* Version used:
<img width="209" alt="screen shot 2017-09-01 at 12 16 14" src="https://user-images.githubusercontent.com/191496/29965781-60043f3e-8f0f-11e7-9050-4d54db6003e0.png">
* Browser Name and version:
- Firefox 55
- Chrome 60
* Operating System and version (desktop or mobile): OSX
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services