[dev.icinga.com #723] Enable browser autocomplete for login credentials

[icinga-migration]

This issue has been migrated from Redmine: https://dev.icinga.com/issues/723

Created by jmosshammer on 2010-08-17 09:32:19 +00:00

Assignee: mhein
Status: Resolved (closed on 2011-08-03 10:39:02 +00:00)
Target Version: 1.5
Last Update: 2011-08-03 10:39:02 +00:00 (in Redmine)

---

Autocomplete for login field by the browser

Changesets

2011-08-03 10:37:03 +00:00 by mhein 2d4765a

* fixes #723 cookie for login credntials

[icinga-migration]

Updated by mfriedrich on 2010-08-17 09:44:30 +00:00

for security reasons, i wouldn't enable this by default.

[icinga-migration]

Updated by elagon on 2010-08-19 09:41:07 +00:00

I don't like that too much.
This way you can spoof all the users
Better to rely on your browser...

[icinga-migration]

Updated by jmosshammer on 2010-08-19 10:00:36 +00:00

No, it's not meant to be a autocomplete field in the way that a js-driven dropdown box displays the users and you can select yours. At the moment, your browser doesn't offer you any autocompletion for the input fields, because the input field has the autocomplete="off" attribute.

If you have very long names like in ldap authentification, it's very useful if your browser (!) offers you previously used items.

[icinga-migration]

Updated by b@fh on 2010-10-10 08:25:58 +00:00

As a sysadmin i totally agree with dnsmichi and elagon here.

Enabling autocompletion opens up a very large security leak. If needed, make this optional and by default turned off.

[icinga-migration]

Updated by mfriedrich on 2011-01-13 16:21:36 +00:00

• Status changed from New to Closed

i don't think it will return a lot of benefit. re-open if needed.

[icinga-migration]

Updated by mfriedrich on 2011-07-03 12:42:05 +00:00

• Subject changed from Enable autocomplete for login username to Enable browser autocomplete for login credentials
• Status changed from Closed to Feedback
• Target Version set to 1.5

from the perspective to allow the browser saving the credentials (or at least saving the login name) this is the users responsibility and could be made the default feature (as a lot of login masks offer that by default). and since it's a demanded idea on the feedback tracker, consider it for the maintenance release.

http://feedback.icinga.org/forums/50329-general/suggestions/1338715-allow-browsers-to-save-login-credentials-for-icing?ref=title

[icinga-migration]

Updated by mhein on 2011-08-03 09:24:47 +00:00

• Status changed from Feedback to Assigned
• Assigned to set to mhein
• Estimated Hours set to 0.0

I think we can safe the login name into cookie and display that on login. Enable by default and configurable so you can deactivate this feature

[icinga-migration]

Updated by mhein on 2011-08-03 10:39:02 +00:00

• Status changed from Assigned to Resolved

You can change behavoiur (behaviour.store_loginname=true|false) in auth.xml