ChiliProject is not maintained anymore. Please be advised that there will be no more updates.
We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.
Disable autocomplete at LDAP connection page (Bug #820)
Description
Disable autocomplete at field auth_source[account_password] at http://hostname/ldap_auth_sources/edit/ID
Associated revisions
Fixes #820: invalid project id causes a NoMethodError in SearchController (Angel Dobbs-Sciortino).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1237 e93f8b46-1217-0410-a6f0-8f06a7374b81
History
Updated by Vladislav Poluhin at 2012-01-07 11:15 am
Updated by Holger Just at 2012-01-16 12:37 pm
Typically, browsers don't have a generic auto-complete on password fields. Instead they allow integration into various built-in or external password managers. And quite frankly, disabling those is one of the worst practices of security theater out there.
So unless you have any further claims, I would be hesitant to implement this.
- Status changed from Open to Declined
Updated by Eric Davis at 2012-01-17 12:29 am
http://www.w3.org/TR/html5/forms.html#attr-form-autocomplete which we already use in app/views/users/_form.rhtml
Updated by Vladislav Poluhin at 2012-01-20 01:23 am
- Status changed from Declined to Closed