[dev.icinga.com #723] Enable browser autocomplete for login credentials #139

icinga-migration opened this Issue Aug 17, 2010 · 8 comments


None yet

1 participant


This issue has been migrated from Redmine: https://dev.icinga.com/issues/723

Created by jmosshammer on 2010-08-17 09:32:19 +00:00

Assignee: mhein
Status: Resolved (closed on 2011-08-03 10:39:02 +00:00)
Target Version: 1.5
Last Update: 2011-08-03 10:39:02 +00:00 (in Redmine)

Autocomplete for login field by the browser


2011-08-03 10:37:03 +00:00 by mhein 2d4765a

* fixes #723 cookie for login credntials

Updated by mfriedrich on 2010-08-17 09:44:30 +00:00

for security reasons, i wouldn't enable this by default.


Updated by elagon on 2010-08-19 09:41:07 +00:00

I don't like that too much.
This way you can spoof all the users
Better to rely on your browser...


Updated by jmosshammer on 2010-08-19 10:00:36 +00:00

No, it's not meant to be a autocomplete field in the way that a js-driven dropdown box displays the users and you can select yours. At the moment, your browser doesn't offer you any autocompletion for the input fields, because the input field has the autocomplete="off" attribute.

If you have very long names like in ldap authentification, it's very useful if your browser (!) offers you previously used items.


Updated by b@fh on 2010-10-10 08:25:58 +00:00

As a sysadmin i totally agree with dnsmichi and elagon here.

Enabling autocompletion opens up a very large security leak. If needed, make this optional and by default turned off.


Updated by mfriedrich on 2011-01-13 16:21:36 +00:00

  • Status changed from New to Closed

i don't think it will return a lot of benefit. re-open if needed.


Updated by mfriedrich on 2011-07-03 12:42:05 +00:00

  • Subject changed from Enable autocomplete for login username to Enable browser autocomplete for login credentials
  • Status changed from Closed to Feedback
  • Target Version set to 1.5

from the perspective to allow the browser saving the credentials (or at least saving the login name) this is the users responsibility and could be made the default feature (as a lot of login masks offer that by default). and since it's a demanded idea on the feedback tracker, consider it for the maintenance release.



Updated by mhein on 2011-08-03 09:24:47 +00:00

  • Status changed from Feedback to Assigned
  • Assigned to set to mhein
  • Estimated Hours set to 0.0

I think we can safe the login name into cookie and display that on login. Enable by default and configurable so you can deactivate this feature


Updated by mhein on 2011-08-03 10:39:02 +00:00

  • Status changed from Assigned to Resolved

You can change behavoiur (behaviour.store_loginname=true|false) in auth.xml

@icinga-migration icinga-migration added this to the 1.5 milestone Jan 17, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment