Set the password_autocomplete default to "off"
It's safer to set the autocomplete option to "off" for passwords so that browsers get the hint to not save it. The default should be secure so that deployers need to make a conscious decision to be less-secure. This is for security hardening. SecurityImpact Closes-Bug: 1420863 Change-Id: If2c3439cf23b11dd7829a4d7866d3b21409a7d69
This commit is contained in:
parent
8c819a87b6
commit
7bd87acdd0
|
@ -212,7 +212,7 @@ requires them.
|
|||
|
||||
.. versionadded:: 2013.1(Grizzly)
|
||||
|
||||
Default: ``"on"``
|
||||
Default: ``"off"``
|
||||
|
||||
Controls whether browser autocompletion should be enabled on the login form.
|
||||
Valid values are ``"on"`` and ``"off"``.
|
||||
|
|
|
@ -40,7 +40,7 @@ HORIZON_CONFIG = {
|
|||
'password_validator': {'regex': '.*',
|
||||
'help_text': _("Password is not accepted")},
|
||||
|
||||
'password_autocomplete': 'on',
|
||||
'password_autocomplete': 'off',
|
||||
|
||||
# Enable or disable simplified floating IP address management.
|
||||
'simple_ip_management': True
|
||||
|
|
Loading…
Reference in New Issue