Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2023/01/20 11:53:13 UTC

[GitHub] [drill] jnturton opened a new pull request, #2743: DRILL-8391: Disable auto complete on the password field of web UI login forms

jnturton opened a new pull request, #2743:
URL: https://github.com/apache/drill/pull/2743

   # [DRILL-8391](https://issues.apache.org/jira/browse/DRILL-8391): Disable auto complete on the password field of web UI login forms
   
   ## Description
   
   In order to avoid triggering security scanners, it is necessary to set autocomplete="off" on the password field in the web UI login forms. This change probably has no real-world security benefit because:
   
   > Even without a master password, in-browser password management is generally seen as a net gain for security. Since users do not have to remember passwords that the browser stores for them, they are able to choose stronger passwords than they would otherwise.
   > 
   > For this reason, many modern browsers do not support autocomplete="off" for login fields:
   > 
   > - If a site sets autocomplete="off" for a form, and the form includes username and password input fields, then the browser still offers to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page.
   > - If a site sets autocomplete="off" for username and password input fields, then the browser still offers to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page.
   
   Excerpt taken from [this Mozilla Developer Network page](https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion).
   
   ## Documentation
   N/A
   
   ## Testing
   Confirm that the attribute assignment `autocomplete="off"` is present on the password field of the web UI login form.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
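
One way to automate the check described under "Testing" in the pull request above, as an added example that is not part of the pull request or of Drill's code: it parses rendered login-page HTML and lists every password input whose own `autocomplete` attribute is not `off`. The sample markup, form ids and field names are constructed for illustration and are not taken from Drill's templates.

```python
from html.parser import HTMLParser


class PasswordAutocompleteAudit(HTMLParser):
    """Record every <input type="password"> with its autocomplete setting."""

    def __init__(self):
        super().__init__()
        self._forms = []     # stack of (label, form-level autocomplete)
        self.findings = []   # one dict per password input, in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # names arrive lowercased
        if tag == "form":
            label = a.get("id") or a.get("name") or "<unnamed form>"
            self._forms.append((label, a.get("autocomplete", "").strip().lower()))
        elif tag == "input" and a.get("type", "").strip().lower() == "password":
            form, form_ac = self._forms[-1] if self._forms else ("<no form>", "")
            field_ac = a.get("autocomplete")   # None when the attribute is absent
            self.findings.append({
                "form": form,
                "field": a.get("name") or a.get("id") or "<unnamed>",
                "field_autocomplete": None if field_ac is None else field_ac.strip().lower(),
                "form_autocomplete": form_ac or None,
            })

    def handle_endtag(self, tag):
        if tag == "form" and self._forms:
            self._forms.pop()


def audit(html):
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def missing_off(html):
    """Password fields lacking autocomplete="off" on the field itself."""
    return [f["field"] for f in audit(html) if f["field_autocomplete"] != "off"]


# Constructed sample: one compliant form, one with no attribute at all,
# one where only the <form> element carries autocomplete="off".
SAMPLE = """
<form id="login-ok"><input type="text" name="username">
  <input type="password" name="password" autocomplete="off"></form>
<form id="login-missing"><input type="PASSWORD" name="pw_missing"></form>
<form id="login-form-level" autocomplete="off">
  <input type="password" name="pw_form_only"></form>
"""

if __name__ == "__main__":
    print(missing_off(SAMPLE))
```

The form-level setting is recorded but not accepted as a pass, because the pull request's test asks for the attribute on the password field itself.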


[GitHub] [drill] jnturton commented on pull request #2743: DRILL-8391: Disable auto complete on the password field of web UI login forms

Posted by GitBox <gi...@apache.org>.
jnturton commented on PR #2743:
URL: https://github.com/apache/drill/pull/2743#issuecomment-1398480919

   The dang squash and merge mangled the commit message!




[GitHub] [drill] cgivre merged pull request #2743: DRILL-8391: Disable auto complete on the password field of web UI login forms

Posted by GitBox <gi...@apache.org>.
cgivre merged PR #2743:
URL: https://github.com/apache/drill/pull/2743

