This issue has been migrated from Redmine: https://dev.icinga.com/issues/723
Created by jmosshammer on 2010-08-17 09:32:19 +00:00
Status: Resolved (closed on 2011-08-03 10:39:02 +00:00)
Target Version: 1.5
Last Update: 2011-08-03 10:39:02 +00:00 (in Redmine)
Autocomplete for login field by the browser
2011-08-03 10:37:03 +00:00 by mhein 2d4765a
* fixes #723 cookie for login credntials
Updated by mfriedrich on 2010-08-17 09:44:30 +00:00
for security reasons, i wouldn't enable this by default.
Updated by elagon on 2010-08-19 09:41:07 +00:00
I don't like that too much.
This way you can spoof all the users
Better to rely on your browser...
Updated by jmosshammer on 2010-08-19 10:00:36 +00:00
No, it's not meant to be a autocomplete field in the way that a js-driven dropdown box displays the users and you can select yours. At the moment, your browser doesn't offer you any autocompletion for the input fields, because the input field has the autocomplete="off" attribute.
If you have very long names like in ldap authentification, it's very useful if your browser (!) offers you previously used items.
Updated by b@fh on 2010-10-10 08:25:58 +00:00
As a sysadmin i totally agree with dnsmichi and elagon here.
Enabling autocompletion opens up a very large security leak. If needed, make this optional and by default turned off.
Updated by mfriedrich on 2011-01-13 16:21:36 +00:00
i don't think it will return a lot of benefit. re-open if needed.
Updated by mfriedrich on 2011-07-03 12:42:05 +00:00
from the perspective to allow the browser saving the credentials (or at least saving the login name) this is the users responsibility and could be made the default feature (as a lot of login masks offer that by default). and since it's a demanded idea on the feedback tracker, consider it for the maintenance release.
Updated by mhein on 2011-08-03 09:24:47 +00:00
I think we can safe the login name into cookie and display that on login. Enable by default and configurable so you can deactivate this feature
Updated by mhein on 2011-08-03 10:39:02 +00:00
You can change behavoiur (behaviour.store_loginname=true|false) in auth.xml