hello
since I upgraded to cas 3.1.2, I noticed that by default users can now
"remember" typed password :-( !
I removed that "feature" by setting autocomplete="off" in the
corresponding jsp:
[EMAIL PROTECTED]
~/cas-toolbox-3.1.2-1/custom.tmsp1/webpages/WEB-INF/view/jsp/tmsp1Vues/ui]
$ grep "autocomplete=\"off\"" casLoginView.jsp
<form:password cssClass="required" cssErrorClass="error" id="password"
size="25" tabindex="2" path="password"
accesskey="${passwordAccessKey}" autocomplete="off" htmlEscape="true" />
Is there a reason why this remembering feature had been reintroduced ?
Older realeases didn't allowed that by default.
It seems to me as beeing a security issue !?
Thanks.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
