[Openstack-security] [openstack/horizon] SecurityImpact review request change If2c3439cf23b11dd7829a4d7866d3b21409a7d69
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Feb 11 16:41:39 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/154943
Log:
commit 91c8f76fa8f7a5b20c03d75d855ef3ef1e5ab026
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Feb 11 10:38:58 2015 -0600
Set the password_autocomplete default to "off"
It's safer to set the autocomplete option to "off" for passwords
so that browsers get the hint to not save it. The default should
be secure so that deployers need to make a conscious decision to
be less-secure.
This is for security hardening.
SecurityImpact
Partial-Bug: #1420863
Change-Id: If2c3439cf23b11dd7829a4d7866d3b21409a7d69
More information about the Openstack-security
mailing list