Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#1762 closed enhancement (wontfix)

susimail password auto-complete (security enhancement)

Reported by: anonymous maybe Owned by:
Priority: minor Milestone: undecided
Component: apps/susimail Version: 0.9.24
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

AUTOCOMPLETE attribution is not disabled in HTML FORM/INPUT element containing password type input. passwords maybe stored in browsers and retrieved.

solution for this:-

Turn off AUTOCOMPLETE attribution in form or individual input elements containing password by using AUTOCOMPLETE='OFF'

reference

https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

http://msdn.microsoft.com/library/default.asp?url=/workshop/author/forms/autocomplete_ovr.asp

Subtickets

Change History (2)

comment:1 Changed 4 years ago by zzz

Resolution: wontfix
Status: newclosed

Not going to do this. Dup of #1763 item 2), see response there.

comment:2 Changed 4 years ago by anonymous maybe

since susimail built in by default so same goes there:-

trac.i2p2.i2p/ticket/1763#comment:2

Note: See TracTickets for help on using tickets.