[
https://issues.apache.org/jira/browse/ARGUS-66?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Velmurugan Periasamy reassigned ARGUS-66:
-----------------------------------------
Assignee: Velmurugan Periasamy
> Set autocomplete off for fields that contains sensitive data
> ------------------------------------------------------------
>
> Key: ARGUS-66
> URL: https://issues.apache.org/jira/browse/ARGUS-66
> Project: Argus
> Issue Type: Bug
> Reporter: Velmurugan Periasamy
> Assignee: Velmurugan Periasamy
>
> Summary :
> The form in login.jsp uses auto completion on line 55, which allows some
> browsers to retain sensitive information in their history.Auto completion of
> forms allows some browsers to retain sensitive information in their history.
> Explanation :
> With auto completion enabled, some browsers retain user input across
> sessions, which could allow someone using the computer after the initial user
> to see information previously submitted.
> Recommendation :
> Explicitly disable auto completion on forms or sensitive inputs. By disabling
> auto completion, information previously entered will not be presented back to
> the user as they type. It will also disable the "remember my password"
> functionality of most major browsers.
> How to verify:
> When Logging into the system, browser shouldn't allow to the user to save the
> password. Currently browser is asking the user to save the password.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
