Velmurugan Periasamy created ARGUS-66:
-----------------------------------------

             Summary: Set autocomplete off for fields that contain sensitive data
                 Key: ARGUS-66
                 URL: https://issues.apache.org/jira/browse/ARGUS-66
             Project: Argus
          Issue Type: Bug
            Reporter: Velmurugan Periasamy


Summary :
The form in login.jsp uses auto completion on line 55, which allows some 
browsers to retain sensitive information in their history. Auto completion of 
forms allows some browsers to retain sensitive information in their history.

Explanation :
With auto completion enabled, some browsers retain user input across sessions, 
which could allow someone using the computer after the initial user to see 
information previously submitted.

Recommendation :
Explicitly disable auto completion on forms or sensitive inputs. By disabling 
auto completion, information previously entered will not be presented back to 
the user as they type. It will also disable the "remember my password" 
functionality of most major browsers.

How to verify:
When logging into the system, the browser shouldn't allow the user to save the 
password. Currently the browser is asking the user to save the password.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

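One way to check the recommendation across page markup, as an added example that is not part of the original report or the Argus code base: a small Python scanner that flags password inputs whose effective autocomplete setting is not "off". The sample markup, form ids and field names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup; form ids and field names are hypothetical.
SAMPLE = """
<form id="login" action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<form id="fixed" action="/login" method="post" autocomplete="off">
  <input type="password" name="pw">
</form>
<form id="override" autocomplete="off">
  <input type="password" name="pw2" autocomplete="on">
</form>
"""


class AutocompleteAudit(HTMLParser):
    """Collect password inputs whose effective autocomplete is not "off"."""

    def __init__(self):
        super().__init__()
        self.form_setting = ""  # autocomplete value of the enclosing <form>
        self.findings = []      # (line, input name, effective setting)

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_setting = attr.get("autocomplete", "")
        elif tag == "input" and attr.get("type") == "password":
            # A value set on the input overrides the one inherited from the form.
            effective = attr.get("autocomplete") or self.form_setting
            if effective != "off":
                name = dict(attrs).get("name") or "?"
                self.findings.append((self.getpos()[0], name, effective or "unset"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_setting = ""


def audit(html):
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE)` reports the password field in the first form (no setting) and the one in the third form (input-level "on" overriding the form). Current browsers may still offer to save credentials on login forms even when autocomplete="off" is set, so the browser check under "How to verify" should be repeated on the browsers actually in use.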