ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Disable autocomplete at LDAP connection page (Bug #820)

Added by Vladislav Poluhin at 2012-01-07 11:13 am. Updated at 2012-01-20 01:23 am.

Status:Closed Start date:2012-01-07
Priority:Normal Due date:
Assignee:- % Done:

0%
Category:-
Target version:-
Remote issue URL: Affected version:2.6.0

Description

Disable autocomplete at field auth_source[account_password] at http://hostname/ldap_auth_sources/edit/ID

Associated revisions

Revision d4429a54
Added by Jean-Philippe Lang at 2008-03-12 09:50 pm

Fixes #820: invalid project id causes a NoMethodError in SearchController (Angel Dobbs-Sciortino).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1237 e93f8b46-1217-0410-a6f0-8f06a7374b81

History

#2
Updated by Holger Just at 2012-01-16 12:37 pm

Typically, browsers don't have a generic auto-complete on password fields. Instead they allow integration into various built-in or external password managers. And quite frankly, disabling those is one of the worst practices of security theater out there.

So unless you have any further claims, I would be hesitant to implement this.

  • Status changed from Open to Declined

#3
Updated by Eric Davis at 2012-01-17 12:29 am

http://www.w3.org/TR/html5/forms.html#attr-form-autocomplete which we already use in app/views/users/_form.rhtml

#4
Updated by Vladislav Poluhin at 2012-01-20 01:23 am

  • Status changed from Declined to Closed

Also available in: Atom PDF