You are not logged in. Please login or register.
PunBB Forums → Feature requests → please use autocomplete="off" in the login form
Hi,
It would be nice to have the attribute: autocomplete="off" in the login form.
Some thing like:
<form autocomplete="off" ...It prevent the browser from saving your user/password. This attribute is used in my sites like yahoo mail and hotmail.
Maybe it can be configured as an option.
Thanks
Oliver
How many browsers support that attribute?
All mayor: mozilla 1+, Firefox 1+, IE 5+
http://www.w3.org/Submission/web-forms2 … tocomplete
nice, hmm... but it seems one need to put it on the text/password fields
applies to the text, password, select, textarea, date-related, time-related, numeric, email, and uri controls
If you put in the <form> tag, all fields of the form get the attribute too.
So there is no need to put in every form field.
Of course you can also use it only, for example, for the password field.
The autocomplete attribute is invalid XHTML. It shouldn't be too hard to mod PunBB to use it for those who want it, but I hope the core stays valid.
plus, some people (like me) just love autocompleting fields because they are too stupid to remember all their passwords....
plus, some people (like me) just love autocompleting fields because they are too stupid to remember all their passwords....
+1 
or to lazzy to remind it
You can make it off in your browser, I like the autocomplete.
There is no chance of the the automcomplete attribute being added as a default. My attitude is that since this is browser feature rather than part of xhtml then it is up to people to set up their own browsers correctly. The only exception I would make are secure commerical sites where safety takes precedence over everything.
another feature, will be to allow users to login in public terminals.
Think about this, you check your punbb forum from a friends PC, while traveling, while in another work workstation, and your login info is compromised.
Firefox ask you every time to remember your password, but Internet Explorer no.
So, this feature should give a more secure aproach to punbb logins.
I agree, it can be disabled or disabled/enabled per user login (using a checkbox like "I'm using a public terminal"), thats perfect for me.
So, lets look at this:
Pros:
- Browsers won't save login info. Ever.
Cons:
- Browsers won't save login info. Ever. Yes, that is a desired feature for some people. 
- the XHTML, a very important part of PunBB, would be invalid
I see this the same way I see the issue of opening links in a new window. PunBB could implement some javascript to do that. However, why should it? The user should have the option of where to view the link. Same thing here. The user should have the option to save their password if they so choose. They don't have to save it, there is no larger a security risk (because you have to accept a prompt to save your password), and it would not allow the user any choice.
I won't say the word "Ever".
This feature should be configured as:
- a site configuration, done by the admin
- a user configuration, done by a cookie and custom make login form
Either way, it is configurable.
Another way to look at this is:
- punbb configured as secure as posible: use a non xhtml attribute in favor to a secure installations (as done in bank, yahoo, hotmail, big-site-example.com, etc)
- punbb configured as user friendly: let the browser save the user/password of the login form
you have to decide how secure you want to provide punbb to your users ...
You can decide that now: if you want it, add it in.
Most forums would rather give their users the ability to save their username/passwords over the need to keep them secure (after all, you shouldn't be storing sensitive banking details in a forum ). And if a forum wants to add it in, they can edit the file: there's no need to make it an option to configure and thus add more bloat to the software.
It's the same thing with the links in new windows. There are small mods out there to change the behavior. PunBB isn't going to implement them as an option because it's easier and simpler to not do it and let the user do it if they really feel they need it
Hi Smartys,
my point is that since IE is the most used browser, and it does not ask you to save your password, it might be insecure when people use IE in public terminals. thats all.
BTW, I use Firefox
Hi Smartys,
my point is that since IE is the most used browser, and it does not ask you to save your password, it might be insecure when people use IE in public terminals. thats all.BTW, I use Firefox
Err, I just tested it: it asks me for every unqiue username/password I put in
Just a note, most users just click Yes in the "don't ask again" checkbox from the dialog window.
My only point is that most secure site uses this attribute, so it might be usefull to use it.
Smartys, I already know that you don't want to use this attribute, thats ok.
Choosing don't ask again disables the password saving.
And it's not that I don't want it, it's that this would break the XHTML and keep the user from having a choice. I know this will never become a part of PunBB (well, as much as anyone but Rickard can know), but that doesn't mean I won't still argue that it isn't necessary
Hi Smartys,
lets calm down a litle.
I understand your point about saving the passwords. No problem.
I edited my forum to support autocomplete=off, if anyone find it helpfull, they can read my first post and do the same.
I am calm
PunBB Forums → Feature requests → please use autocomplete="off" in the login form
Powered by PunBB, supported by Informer Technologies, Inc.