password remembering in casLoginView.jsp
jehan procaccia
jehan.procaccia at int-evry.fr
Tue Mar 11 09:14:48 EDT 2008
hello
since I upgraded to cas 3.1.2, I noticed that by default users can now
"remember" typed password :-( !
I removed that "feature" by setting autocomplete="off" in the
corresponding jsp:
[root at cas1
~/cas-toolbox-3.1.2-1/custom.tmsp1/webpages/WEB-INF/view/jsp/tmsp1Vues/ui]
$ grep "autocomplete=\"off\"" casLoginView.jsp
<form:password cssClass="required" cssErrorClass="error" id="password"
size="25" tabindex="2" path="password"
accesskey="${passwordAccessKey}" autocomplete="off" htmlEscape="true" />
Is there a reason why this remembering feature had been reintroduced ?
Older realeases didn't allowed that by default.
It seems to me as beeing a security issue !?
Thanks.
More information about the cas
mailing list