[Openstack-security] [openstack/horizon] SecurityImpact review request change If2c3439cf23b11dd7829a4d7866d3b21409a7d69

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Wed Feb 11 16:41:39 UTC 2015


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/154943

Log:
commit 91c8f76fa8f7a5b20c03d75d855ef3ef1e5ab026
Author: Brant Knudson <bknudson at us.ibm.com>
Date:   Wed Feb 11 10:38:58 2015 -0600

    Set the password_autocomplete default to "off"
    
    It's safer to set the autocomplete option to "off" for passwords
    so that browsers get the hint to not save it. The default should
    be secure so that deployers need to make a conscious decision to
    be less-secure.
    
    This is for security hardening.
    
    SecurityImpact
    
    Partial-Bug: #1420863
    
    Change-Id: If2c3439cf23b11dd7829a4d7866d3b21409a7d69





More information about the Openstack-security mailing list