[Archivesspace_Users_Group] Security question

Majewski, Steven Dennis (sdm7g) sdm7g at eservices.virginia.edu
Fri Jan 8 14:23:21 EST 2016

On Jan 8, 2016, at 9:59 AM, Neal, Rick <rneal at richmond.edu<mailto:rneal at richmond.edu>> wrote:

Good morning,

We are in the middle of a security audit and I have a question about

Form with action http://servername:8080/users does not explicitly disable autocomplete for the following sensitive fields: user[password],user[confirm_password].

I would appreciate any advice on how to disable autocomplete on the login form.



Rick Neal
Library Applications and Systems Administrator
Boatwright Memorial Library
University of Richmond, VA 23173

rneal at richmond.edu<mailto:rneal at richmond.edu>

It’s questionable how well this actually works — many browsers seem to ignore it — but it’s probably
what you want to pass your security audit:  autocomplete=“off”

html - How do you disable browser Autocomplete on web form field / input tag? - Stack Overflow<http://stackoverflow.com/questions/2530/how-do-you-disable-browser-autocomplete-on-web-form-field-input-tag>

Copy  frontend/app/views/shared/_login.html.erb  to  plugins/local/frontend/views/shared/
( after creating those directories if necessary ) and add that attribute to the form and/or form input’s .

— Steve Majewski

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20160108/02f87f1a/attachment.html>

More information about the Archivesspace_Users_Group mailing list