ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ritesh Kumar (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OFBIZ-9471) Set autocomplete to off for all the password fields.
Date Sat, 08 Jul 2017 20:35:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-9471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ritesh Kumar updated OFBIZ-9471:
--------------------------------
    Description: The login and Forget password screens have password inputs. It is a best
practice to disable autocomplete on the password field as it will avoid caching sensitive
data on client site (CC numbers) and avoid storing the password in an insecure and hackable
client-site database.  (was: The login and Forget password screens have password inputs. It
is a best practice to disable autocomplete on the password field as it will avoid caching
sensitive data on client site (CC numbers) and avoid storing the password in an insecure and
hackable client-site database)

> Set autocomplete to off for all the password fields.
> ----------------------------------------------------
>
>                 Key: OFBIZ-9471
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9471
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>            Reporter: Ritesh Kumar
>            Priority: Minor
>         Attachments: OFBIZ-9471-FRAMEWORK.patch, OFBIZ-9471-PLUGIN.patch
>
>
> The login and Forget password screens have password inputs. It is a best practice to
disable autocomplete on the password field as it will avoid caching sensitive data on client
site (CC numbers) and avoid storing the password in an insecure and hackable client-site database.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message