Feature #17021

closed

Add autocomplete="off" to BE login

Added by Patrick Gaumond almost 18 years ago. Updated about 11 years ago.

Status: Closed
Priority: Should have
Category: -
Target version: -
Start date: 2007-02-20
Due date:
% Done: 0%
Estimated time:
PHP Version: 5
Tags:
Complexity:
Sprint Focus:

Description

As a security feature we could add autocomplete="off" to the password field or even the whole login page (and Install Tool).

Most browsers support this:

<INPUT TYPE = "password" NAME = "thePassword" AUTOCOMPLETE = "off">
or
<FORM AUTOCOMPLETE = "off">...</FORM>

You should be aware that this tag is not an official W3C one but is still supported by all major browsers.

(issue imported from #M5046)


Files

patch_5046.diff (1.06 KB) Administrator Admin, 2009-12-29 13:08

Related issues 2 (0 open, 2 closed)

Related to TYPO3 Core - Bug #16951: Autofill in form functions fail on Firefox & Internet Explorer (Closed, 2007-02-07)
Is duplicate of TYPO3 Core - Bug #17671: Autocomplete OFF for BE-Login form (Closed, Bernhard Kraft, 2007-10-11)

Actions #2

Updated by Oliver Hader almost 18 years ago

+1 for doing this on form fields with sensitive data

Actions #3

Updated by Andreas Wolf over 17 years ago

AFAIK the password-fields are not used for auto-completion, or am I wrong? But this would surely be useful for fields with e.g. e-mail-addresses or login-names.

Actions #4

Updated by Bernhard Kraft about 17 years ago

I attached a patch allowing to configure IPs for which autocomplete is disabled to bug 6506.

But only for the username field - the password field will not get autocompleted anyways (browser security)

So you could add:

192.168.*,127.*

which would disable autocomplete for all local IPs

The option in the install tool is called "autocompleteOffIPs"
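
An added example, not the attached patch and not TYPO3 code: one way a list such as the "autocompleteOffIPs" value from comment #4 could be evaluated before rendering the username field. It assumes IPv4 only and that the address passed in is the real client address (behind a reverse proxy the connection address is the proxy's); all function and field names are hypothetical.

```php
<?php
// Added example. Only the option name "autocompleteOffIPs" and the list
// "192.168.*,127.*" come from the thread; every function and field name
// here is hypothetical.

// Compare one list entry with the octets of a validated IPv4 address.
// "*" matches one octet; an entry with fewer than four parts must end
// in "*", which then also covers the remaining octets.
function matchesPattern(array $ipParts, string $pattern): bool
{
    $patParts = explode('.', $pattern);
    $n = count($patParts);
    if ($n > 4 || ($n < 4 && end($patParts) !== '*')) {
        return false; // malformed or empty entry never matches
    }
    foreach ($patParts as $i => $part) {
        if ($part !== '*' && $part !== $ipParts[$i]) {
            return false;
        }
    }
    return true;
}

// True if $ip matches any entry of the comma-separated list.
// Input that is not a valid IPv4 address never matches.
function ipMatchesList(string $ip, string $list): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false; // leave the browser default in place
    }
    $ipParts = explode('.', $ip);
    foreach (explode(',', $list) as $pattern) {
        if (matchesPattern($ipParts, trim($pattern))) {
            return true;
        }
    }
    return false;
}

// Emit autocomplete="off" on the username field only for listed clients.
function renderUsernameField(string $clientIp, string $offIPs): string
{
    $attr = ipMatchesList($clientIp, $offIPs) ? ' autocomplete="off"' : '';
    return '<input type="text" name="username"' . $attr . ' />';
}

// Constructed sample addresses.
foreach (['192.168.1.20', '127.0.0.1', '203.0.113.7', 'not-an-ip'] as $ip) {
    echo $ip, ' => ', renderUsernameField($ip, '192.168.*,127.*'), PHP_EOL;
}
```
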

Actions #5

Updated by Bernhard Kraft almost 15 years ago

Added a new patch.

The problem with "autocomplete=off" is W3C validity. The tag is not official, so it renders the complete login page not valid any more (1 error).

The attached patch solves this problem by setting the attribute via JavaScript using the startUp() method already existing.

Actions #6

Updated by Bernhard Kraft about 11 years ago

  • Status changed from Accepted to Closed

This issue is solved by UI improvements in modern browsers' "remember password" feature.
No need for changes.
