Feature #723

Enable browser autocomplete for login credentials

Added by jmosshammer over 3 years ago. Updated over 2 years ago.

Status:ResolvedStart date:08/17/2010
Priority:LowDue date:
Assignee:mhein% Done:

0%

Category:-Estimated time:0.00 hour
Target version:Icinga 1.x - 1.5

Description

Autocomplete for login field by the browser

Associated revisions

Revision 2d4765aa
Added by mhein over 2 years ago

  • fixes #723 cookie for login credntials

History

#1 Updated by dnsmichi over 3 years ago

for security reasons, i wouldn't enable this by default.

#2 Updated by elagon over 3 years ago

I don't like that too much.
This way you can spoof all the users
Better to rely on your browser...

#3 Updated by jmosshammer over 3 years ago

No, it's not meant to be a autocomplete field in the way that a js-driven dropdown box displays the users and you can select yours. At the moment, your browser doesn't offer you any autocompletion for the input fields, because the input field has the autocomplete="off" attribute.

If you have very long names like in ldap authentification, it's very useful if your browser (!) offers you previously used items.

#4 Updated by b@fh over 3 years ago

As a sysadmin i totally agree with dnsmichi and elagon here.

Enabling autocompletion opens up a very large security leak. If needed, make this optional and by default turned off.

#5 Updated by dnsmichi over 3 years ago

  • Status changed from New to Closed

i don't think it will return a lot of benefit. re-open if needed.

#6 Updated by dnsmichi almost 3 years ago

  • Subject changed from Enable autocomplete for login username to Enable browser autocomplete for login credentials
  • Status changed from Closed to Feedback
  • Target version set to 1.5

from the perspective to allow the browser saving the credentials (or at least saving the login name) this is the users responsibility and could be made the default feature (as a lot of login masks offer that by default). and since it's a demanded idea on the feedback tracker, consider it for the maintenance release.

http://feedback.icinga.org/forums/50329-general/suggestions/1338715-allow-browsers-to-save-login-credentials-for-icing?ref=title

#7 Updated by mhein over 2 years ago

  • Status changed from Feedback to Assigned
  • Assignee set to mhein
  • Estimated time set to 0.00

I think we can safe the login name into cookie and display that on login. Enable by default and configurable so you can deactivate this feature

#8 Updated by mhein over 2 years ago

  • Status changed from Assigned to Resolved

You can change behavoiur (behaviour.store_loginname=true|false) in auth.xml

Also available in: Atom PDF