phpBB3 / PHPBB3-13200

Add autocomplete="off" to additional password fields

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-RC5
    • Fix Version/s: 3.1.5-RC1
    • Component/s: ACP
    • Labels:
      None

      Description

      The autocomplete="off" attribute was added to a few password fields, but several browsers now ignore this for password fields due to suggestions of creating complex passwords for increased security or the inclusion of a password manager (see https://bugzilla.mozilla.org/show_bug.cgi?id=956906). There are some workarounds, it seems, that might be useful in the case of Firefox, like http://stackoverflow.com/questions/17781077/autocomplete-off-is-not-working-on-firefox

      For the rest of the browser fold it might still be wise to also add this attribute to the corresponding username fields in the ACP which would not have this attribute ignored but are still getting auto-filled with the username. The following fields would be the ones that would need the attribute added (there might be others):
      Authentication -> LDAP user un (field ID: ldap_user)
      Email settings -> SMTP username (field ID: smtp_username)
      Jabber settings -> Jabber username (field ID: jab_username) -> Jabber password (field ID: jab_password)
      Create forum (field ID: forum_image -> browser seems to treat this field as a username field)
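
An added example (not part of the original report, and not phpBB code): a small JavaScript audit that checks rendered ACP form HTML for the field IDs listed above and reports which ones lack autocomplete="off", marking password inputs where, as the description notes, browsers may ignore the attribute. The sample markup and the status names are constructed for illustration.

```javascript
// Added example, not phpBB code. Field IDs are taken from the issue description;
// the HTML below is constructed sample markup, not copied from phpBB templates.
const FIELD_IDS = ['ldap_user', 'smtp_username', 'jab_username', 'jab_password', 'forum_image'];

// Matches one <input ...> tag, tolerating '>' inside quoted attribute values.
const INPUT_TAG = /<input\b(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;
const ATTRIBUTE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+)))?/g;

// Turn the attributes of one <input> tag into a { name: value } map.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, '').replace(/\/?>$/, '');
  for (const m of body.matchAll(ATTRIBUTE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Report, per field ID, whether the rendered form disables autocomplete.
function auditAutofill(html, ids = FIELD_IDS) {
  const report = Object.fromEntries(ids.map((id) => [id, 'not-found']));
  for (const tag of html.match(INPUT_TAG) ?? []) {
    const attrs = parseAttributes(tag);
    if (!ids.includes(attrs.id)) continue;
    const off = (attrs.autocomplete ?? '').toLowerCase() === 'off';
    const isPassword = (attrs.type ?? 'text').toLowerCase() === 'password';
    if (!off) report[attrs.id] = 'missing';
    // Per the issue, several browsers ignore autocomplete="off" on password inputs.
    else report[attrs.id] = isPassword ? 'off-but-may-be-ignored' : 'off';
  }
  return report;
}

const SAMPLE_HTML = `
<input type="text" id="ldap_user" name="config[ldap_user]" value="">
<input type="text" id="smtp_username" name="config[smtp_username]" autocomplete="off" />
<input type="text" id="jab_username" name="jab_username">
<input type="password" id="jab_password" name="jab_password" autocomplete="off">
<input type="text" id="unrelated" name="note" value="a > b">
`;

console.log(auditAutofill(SAMPLE_HTML));
```

A field reported as not-found is simply absent from the HTML that was checked; in the sample that is forum_image, which lives on a different ACP page.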

          Activity

          Dragosvr92 Dragos Valentin Rădulescu added a comment -

          I don't know how many users use those fields for SMTP and Jabber, but if they do, their previously used data remain stored in the browser and they can choose them later on from the dropdown menu, or they can just highlight them and delete them by pushing the Delete key.

          The fields that load the forum username should be ignored from the ACP though... Also, the Forum and Group fields should use autocomplete off because, once you create a Group or Forum, it is unlikely you will do it again with that name.

          As 3.1 uses lots of jQuery and all that fancy stuff, it may be better to turn it off with jQuery on certain fields.

          DavidIQ David Colón added a comment -

          You could say the delete key can be used for all of those other fields too. We should probably be a bit more consistent though.

          Dragosvr92 Dragos Valentin Rădulescu added a comment -

          I think it is a very bad idea to turn off autocomplete on the second ACP login system.
          I have my browser remember my forum password so I won't have to retype it each time I want to log in.

          And let's say the forum login stays on for about forever. But the ACP login pass has to be typed each time you want to log in. There should be an option to turn this off.

          I am the only person that uses this PC and I don't worry someone may want to go and check my ACP.


            People

            • Assignee: Marc Marc
            • Reporter: DavidIQ David Colón
            • Votes: 0
            • Watchers: 2
