[Archivesspace_Users_Group] Security question
Majewski, Steven Dennis (sdm7g)
sdm7g at eservices.virginia.edu
Fri Jan 8 14:23:21 EST 2016
On Jan 8, 2016, at 9:59 AM, Neal, Rick <rneal at richmond.edu<mailto:rneal at richmond.edu>> wrote:
Good morning,
We are in the middle of a security audit and I have a question about
Form with action http://servername:8080/users does not explicitly disable autocomplete for the following sensitive fields: user[password],user[confirm_password].
I would appreciate any advice on how to disable autocomplete on the login form.
Thanks,
Rick
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rick Neal
Library Applications and Systems Administrator
Boatwright Memorial Library
University of Richmond, VA 23173
rneal at richmond.edu<mailto:rneal at richmond.edu>
It’s questionable how well this actually works — many browsers seem to ignore it — but it’s probably
what you want to pass your security audit: autocomplete=“off”
html - How do you disable browser Autocomplete on web form field / input tag? - Stack Overflow<http://stackoverflow.com/questions/2530/how-do-you-disable-browser-autocomplete-on-web-form-field-input-tag>
Copy frontend/app/views/shared/_login.html.erb to plugins/local/frontend/views/shared/
( after creating those directories if necessary ) and add that attribute to the form and/or form input’s .
— Steve Majewski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20160108/02f87f1a/attachment.html>
More information about the Archivesspace_Users_Group
mailing list