Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Turn off autocomplete on password field #5260

Merged
merged 1 commit into from Sep 17, 2019
Merged

Turn off autocomplete on password field #5260

merged 1 commit into from Sep 17, 2019

Conversation

runephilosof
Copy link
Contributor

@runephilosof runephilosof commented Sep 16, 2019
edited

To satisfy Qualys Vulnerability scanning.
Even though it isn't best practice, because best practice is to use password managers to autocomplete the login fields.
However, it won't be honored by the browsers (for the above reason https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields), so users won't get affected.
So this change is only good to silence a vulnerability scanner, it doesn't actually close a vulnerability.

Closes #5205

@runephilosof
Turn off autocomplete on password field
192b453 
To satisfy Qualys Vulnerability scanning.
Even though it isn't best practice, because best practice is to use password managers to autocomplete the login fields.
However, it won't be honored by the browsers (for the above reason https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields), so users won't get affected.
So this change is only good to silence a vulnerability scanner, it doesn't actually close a vulnerability.

Closes rundeck#5205
jessemarple
jessemarple approved these changes Sep 17, 2019
View reviewed changes
Copy link
Contributor

@jessemarple jessemarple left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewed and approved

@jessemarple jessemarple merged commit 0c1d540 into rundeck:master Sep 17, 2019
@jessemarple jessemarple added the needs-backport An issue needs porting to a previous release milestone label Sep 18, 2019
@jessemarple jessemarple modified the milestones: 3.1.1, 3.0.27 Sep 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jessemarple jessemarple jessemarple approved these changes

Assignees
No one assigned
Labels
needs-backport An issue needs porting to a previous release milestone
Projects
None yet
Milestone
3.1.1
Development

Successfully merging this pull request may close these issues.

Ability to Disable AutoComplete on password field of Rundeck login page
2 participants
@runephilosof @jessemarple