diff options
| author | Gunnar Mills <gmills@us.ibm.com> | 2018-09-25 09:45:10 -0500 |
|---|---|---|
| committer | Gunnar Mills <gmills@us.ibm.com> | 2018-09-25 15:37:44 +0000 |
| commit | b12f98601e2b08c4605a8d2c1a708b6c80b678a8 (patch) | |
| tree | abe2db6d33f4632db4845c38a6158b3f494fbe9a /app/login/controllers/login-controller.html | |
| parent | e8634e6bfc99879a14234c485577c6e899dd6da1 (diff) | |
| download | phosphor-webui-b12f98601e2b08c4605a8d2c1a708b6c80b678a8.tar.gz phosphor-webui-b12f98601e2b08c4605a8d2c1a708b6c80b678a8.zip | |
Do not autocomplete username and password
Security scanners list autocomplete on as a medium priority
issue. The concern being someone could use it to compromise
a bmc with a password saved on a compromised computer.
Resolves openbmc/phosphor-webui#18
Change-Id: Ie6936d84a0b94a81781a077d1542a6ce1d413d6d
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Diffstat (limited to 'app/login/controllers/login-controller.html')
| -rw-r--r-- | app/login/controllers/login-controller.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/login/controllers/login-controller.html b/app/login/controllers/login-controller.html index 2d1ec99..4a61a4a 100644 --- a/app/login/controllers/login-controller.html +++ b/app/login/controllers/login-controller.html @@ -16,10 +16,10 @@ <input type="text" ng-model="host" required ng-class="{'error': error && description != 'Invalid username or password'}" autofocus ng-keydown="tryLogin(host, username, password, $event)" ng-disabled="dataService.loading"> <label for="username">Username</label> - <input type="text" id="username" name="username" required ng-model="username" ng-class="{'error': description == 'Invalid username or password'}" ng-keydown="tryLogin(host, username, password, $event)" ng-disabled="dataService.loading"> + <input type="text" id="username" name="username" required ng-model="username" ng-class="{'error': description == 'Invalid username or password'}" ng-keydown="tryLogin(host, username, password, $event)" ng-disabled="dataService.loading" autocomplete="off"> <label for="password">Password</label> - <input type="password" id="password" name="password" required ng-class="{'error': description == 'Invalid username or password'}" ng-model="password" ng-keydown="tryLogin(host, username, password, $event)" ng-disabled="dataService.loading"> + <input type="password" id="password" name="password" required ng-class="{'error': description == 'Invalid username or password'}" ng-model="password" ng-keydown="tryLogin(host, username, password, $event)" ng-disabled="dataService.loading" autocomplete="off"> <input id="login__submit" class="btn-primary submit" type="button" value="Log in" role="button" ng-click="login(host, username, password)" ng-class="{error: error}" ng-disabled="dataService.loading"> |
