[dev.icinga.com #723] Enable browser autocomplete for login credentials #139

Closed
icinga-migration opened this Issue Aug 17, 2010 · 8 comments

Comments

Projects
None yet
1 participant
Member

icinga-migration commented Aug 17, 2010

This issue has been migrated from Redmine: https://dev.icinga.com/issues/723

Created by jmosshammer on 2010-08-17 09:32:19 +00:00

Assignee: mhein
Status: Resolved (closed on 2011-08-03 10:39:02 +00:00)
Target Version: 1.5
Last Update: 2011-08-03 10:39:02 +00:00 (in Redmine)


Autocomplete for login field by the browser

Changesets

2011-08-03 10:37:03 +00:00 by mhein 2d4765a

* fixes #723 cookie for login credntials
Member

icinga-migration commented Aug 17, 2010

Updated by mfriedrich on 2010-08-17 09:44:30 +00:00

for security reasons, i wouldn't enable this by default.

Member

icinga-migration commented Aug 19, 2010

Updated by elagon on 2010-08-19 09:41:07 +00:00

I don't like that too much.
This way you can spoof all the users
Better to rely on your browser...

Member

icinga-migration commented Aug 19, 2010

Updated by jmosshammer on 2010-08-19 10:00:36 +00:00

No, it's not meant to be a autocomplete field in the way that a js-driven dropdown box displays the users and you can select yours. At the moment, your browser doesn't offer you any autocompletion for the input fields, because the input field has the autocomplete="off" attribute.

If you have very long names like in ldap authentification, it's very useful if your browser (!) offers you previously used items.

Member

icinga-migration commented Oct 10, 2010

Updated by b@fh on 2010-10-10 08:25:58 +00:00

As a sysadmin i totally agree with dnsmichi and elagon here.

Enabling autocompletion opens up a very large security leak. If needed, make this optional and by default turned off.

Member

icinga-migration commented Jan 13, 2011

Updated by mfriedrich on 2011-01-13 16:21:36 +00:00

  • Status changed from New to Closed

i don't think it will return a lot of benefit. re-open if needed.

Member

icinga-migration commented Jul 3, 2011

Updated by mfriedrich on 2011-07-03 12:42:05 +00:00

  • Subject changed from Enable autocomplete for login username to Enable browser autocomplete for login credentials
  • Status changed from Closed to Feedback
  • Target Version set to 1.5

from the perspective to allow the browser saving the credentials (or at least saving the login name) this is the users responsibility and could be made the default feature (as a lot of login masks offer that by default). and since it's a demanded idea on the feedback tracker, consider it for the maintenance release.

http://feedback.icinga.org/forums/50329-general/suggestions/1338715-allow-browsers-to-save-login-credentials-for-icing?ref=title

Member

icinga-migration commented Aug 3, 2011

Updated by mhein on 2011-08-03 09:24:47 +00:00

  • Status changed from Feedback to Assigned
  • Assigned to set to mhein
  • Estimated Hours set to 0.0

I think we can safe the login name into cookie and display that on login. Enable by default and configurable so you can deactivate this feature

Member

icinga-migration commented Aug 3, 2011

Updated by mhein on 2011-08-03 10:39:02 +00:00

  • Status changed from Assigned to Resolved

You can change behavoiur (behaviour.store_loginname=true|false) in auth.xml

icinga-migration added this to the 1.5 milestone Jan 17, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment