Skip to content

New config setting to set autocomplete=off to password fields in Piwik #6347

New issue
New issue
Closed as not planned
Closed as not planned
New config setting to set autocomplete=off to password fields in Piwik#6347
Labels
EnhancementFor new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.c: SecurityFor issues that make Matomo more secure. Please report issues through HackerOne and not in Github.not-in-changelogFor issues or pull requests that should not be included in our release changelog on matomo.org.
@mattab

Description

@mattab
mattab
opened on Sep 30, 2014

The goal of this issue is to create a new config file setting to enable autocomplete=off on all password fields in Piwik.

Steps

  • New config setting
  • Applies to Login form, Password reset form, and other password field in Manage users admin screen

Reasoning behind the request:

In february this year someone made the suggestion in PR #231 and I decided to not put it in Piwik core as there seems to be a lot of people arguing against this measure as it breaks the usability of password managers. For more info on the pros/cons see: https://startpage.com/do/search?q=autocomplete%3Doff%20security

However because some users like this setting and because it does provide better security in some cases such as a Piwik accessible to dozens of people, then we should simply add such a useful setting.

Metadata

Metadata

Assignees

No one assigned

    Labels

    EnhancementFor new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.c: SecurityFor issues that make Matomo more secure. Please report issues through HackerOne and not in Github.not-in-changelogFor issues or pull requests that should not be included in our release changelog on matomo.org.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions