Reviewed: https://review.openstack.org/154943 Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=7bd87acdd07f0718e32221525ff54a188f8cecb8 Submitter: Jenkins Branch: master commit 7bd87acdd07f0718e32221525ff54a188f8cecb8 Author: Brant Knudson <bknudson at us.ibm.com> Date: Wed Feb 11 10:38:58 2015 -0600 Set the password_autocomplete default to "off" It's safer to set the autocomplete option to "off" for passwords so that browsers get the hint to not save it. The default should be secure so that deployers need to make a conscious decision to be less-secure. This is for security hardening. SecurityImpact Closes-Bug: 1420863 Change-Id: If2c3439cf23b11dd7829a4d7866d3b21409a7d69 ** Changed in: horizon Status: In Progress => Fix Committed -- You received this bug notification because you are a member of OpenStack Security Group, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1420863 Title: Default setting should be secure Status in OpenStack Dashboard (Horizon): Fix Committed Status in OpenStack + Chef: In Progress Bug description: Horizon has some instructions for setting it up in a secure way[1]. These settings should be the default. [1] http://docs.openstack.org/developer/horizon/topics/deployment.html #secure-site-recommendations To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1420863/+subscriptions