Uploaded image for project: 'Accumulo'
  1. Accumulo
  2. ACCUMULO-4688

Consider adding autocomplete=false to the shell servlet's password input element

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Trivial
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: monitor
    • Labels:
      None

      Description

      Had a report from a user which identified an 'issue" in the ShellServlet around the password input element.

      There is an attribute autocomplete which can be set to false on the input element that will instruct browsers to not try to save the password in some store. In theory, this marginally improves security as the password would not be stored on the local machine in (potentially) some way that could be accessed by an adversary.

      I'm on the fence about the value of making this change (if the browser doesn't do this automatically, users would probably do this on their own in a way that is less secure than how the browser could). Thoughts from everyone else?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                elserj Josh Elser
                Reporter:
                elserj Josh Elser
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m