New config setting to set autocomplete=off to password fields in Piwik #6347

Closed
mattab opened this issue Sep 30, 2014 · 5 comments
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.

Comments

@mattab
Member

mattab commented Sep 30, 2014

The goal of this issue is to create a new config file setting to enable autocomplete=off on all password fields in Piwik.

Steps

  • New config setting
  • Applies to Login form, Password reset form, and other password fields in Manage users admin screen

Reasoning behind the request:

In February this year someone made the suggestion in PR #231 and I decided not to put it in Piwik core, as there seem to be a lot of people arguing against this measure because it breaks the usability of password managers. For more info on the pros/cons see: https://startpage.com/do/search?q=autocomplete%3Doff%20security

However, because some users like this setting and because it does provide better security in some cases, such as a Piwik accessible to dozens of people, we should simply add such a useful setting.

@mattab mattab added Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. labels Sep 30, 2014
@mattab mattab added this to the Short term milestone Sep 30, 2014
@mattab mattab changed the title New config setting to set New config setting to set autocomplete=off to password fields in Piwik Sep 30, 2014
@mattab mattab modified the milestones: Mid term, Short term Oct 12, 2014
@mattab mattab added the Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. label Nov 3, 2014
@mattab mattab removed the Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. label Nov 17, 2014
@mattab mattab modified the milestones: Long term, Mid term Dec 5, 2016
@narion

narion commented Jun 26, 2018

Is there any update on this feature's addition?

@sgiehl
Member

sgiehl commented Jun 26, 2018

That isn't anything we will work on soon. But Pull Requests are always welcome 🙂

@christophs78

Our security folks think we need to set autocomplete=off. Currently we have to modify the Matomo installation manually after each update. We would really appreciate a config setting for this.

@Findus23
Member

Findus23 commented Dec 3, 2019

Honestly, this doesn't matter anymore. Website developers have abused autocomplete="off" to break password managers, so most browsers started to side with the users and are ignoring it now.

@sgiehl
Member

sgiehl commented Dec 19, 2022

We meanwhile have an autocomplete=off on all password fields and there shouldn't be any sense in having a config to remove that.

@sgiehl sgiehl closed this as not planned Won't fix, can't repro, duplicate, stale Dec 19, 2022
@justinvelluppillai justinvelluppillai added the not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. label Jan 12, 2023
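
Added example, not part of the thread and not Matomo's code: a small audit that lists password inputs in rendered HTML whose effective `autocomplete` value is not `off`, the kind of check a team could run after each update instead of patching templates by hand. The sample markup and field names are constructed for illustration; the check covers markup only, not whether a given browser honours the attribute.

```python
from html.parser import HTMLParser

class PasswordFieldAudit(HTMLParser):
    """Record each <input type="password"> with its effective autocomplete value."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = None   # autocomplete set on the enclosing <form>
        self.fields = []                # (field name, effective autocomplete value)

    def handle_starttag(self, tag, attrs):
        # Attribute names arrive lower-cased; normalise values as well.
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_autocomplete = a.get("autocomplete")
        elif tag == "input" and a.get("type") == "password":
            # A field without its own attribute inherits the form-level value.
            value = a.get("autocomplete", self.form_autocomplete)
            self.fields.append((a.get("name") or a.get("id") or "?", value))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None

def audit(html):
    """Return names of password fields whose effective autocomplete is not 'off'."""
    parser = PasswordFieldAudit()
    parser.feed(html)
    parser.close()
    return [name for name, value in parser.fields if value != "off"]

# Constructed sample page: login, password reset and user-edit forms.
SAMPLE = """
<form id="login_form" method="post">
  <input type="text" name="form_login">
  <input type="password" name="form_password" autocomplete="off">
</form>
<form id="reset_form" autocomplete="off">
  <input type="password" name="form_password_bis">
</form>
<form id="user_edit">
  <input type="password" name="password_confirm" autocomplete="new-password">
  <input type="PASSWORD" name="current_password">
</form>
"""

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("password field without autocomplete=off:", name)
```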