Date: Sat, 8 Jul 2017 20:35:00 +0000 (UTC)
From: "Ritesh Kumar (JIRA)"
To: notifications@ofbiz.apache.org
Reply-To: dev@ofbiz.apache.org
Subject: [jira] [Updated] (OFBIZ-9471) Set autocomplete to off for all the password fields.

     [ https://issues.apache.org/jira/browse/OFBIZ-9471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ritesh Kumar updated OFBIZ-9471:
--------------------------------
    Description: The login and Forget password screens have password inputs. It is a best practice to disable autocomplete on the password field as it will avoid caching sensitive data on client site (CC numbers) and avoid storing the password in an insecure and hackable client-site database.  (was: The login and Forget password screens have password inputs. It is a best practice to disable autocomplete on the password field as it will avoid caching sensitive data on client site (CC numbers) and avoid storing the password in an insecure and hackable client-site database)

> Set autocomplete to off for all the password fields.
> ----------------------------------------------------
>
>                 Key: OFBIZ-9471
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9471
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>            Reporter: Ritesh Kumar
>            Priority: Minor
>         Attachments: OFBIZ-9471-FRAMEWORK.patch, OFBIZ-9471-PLUGIN.patch
>
>
> The login and Forget password screens have password inputs. It is a best practice to disable autocomplete on the password field as it will avoid caching sensitive data on client site (CC numbers) and avoid storing the password in an insecure and hackable client-site database.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
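
An added example, not part of the original message or of the patches attached to the issue: a small Python audit that lists the password inputs in rendered HTML whose effective autocomplete setting is not "off", counting a value inherited from the enclosing form. The sample markup and its field names are constructed for illustration.

```python
from html.parser import HTMLParser

def norm(value):
    """Lower-case and trim an attribute value; a missing value becomes ''."""
    return (value or "").strip().lower()

class PasswordAutocompleteAudit(HTMLParser):
    """Collect <input type="password"> fields whose effective autocomplete is not 'off'."""

    def __init__(self):
        super().__init__()
        self.form_stack = []  # autocomplete value of each enclosing <form>
        self.findings = []    # (line, field name, effective autocomplete value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_stack.append(norm(a.get("autocomplete")))
        elif tag == "input" and norm(a.get("type")) == "password":
            # The field's own value wins; an absent or empty one inherits the form's.
            inherited = self.form_stack[-1] if self.form_stack else ""
            effective = norm(a.get("autocomplete")) or inherited
            if effective != "off":
                line, _ = self.getpos()
                self.findings.append((line, a.get("name") or "?", effective or "unset"))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()

def audit(html):
    """Return the findings for one HTML document given as a string."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a login form and a password-reset form (names are assumptions).
SAMPLE = """\
<form method="post" action="/login" name="loginform">
  <input type="text" name="USERNAME">
  <input type="password" name="PASSWORD">
</form>
<form method="post" action="/forgotPassword" autocomplete="off">
  <input type="password" name="newPassword">
  <input type="password" name="newPasswordVerify" autocomplete="on">
</form>
<input type="PASSWORD" name="standalone" autocomplete="off"/>
"""

if __name__ == "__main__":
    for line, name, value in audit(SAMPLE):
        print(f"line {line}: password field {name!r} has autocomplete={value}")
```

Several current browsers' password managers still offer to save and fill login credentials when autocomplete="off" is set, so a clean result here does not by itself show that nothing is stored on the client.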