Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64969

Re-add loginpasswordautocomplete option



    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.3 regressions
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:


      Hello, I was told to open a ticket related to this issue


      Previously in https://tracker.moodle.org/browse/MDL-55476 the option for "loginpasswordautocomplete" was removed. It was removed because, realistically to the general public, its not honored by browsers.


      However, I believe this logic is unsound, or at the very least not enough to justify removal of this feature. Whether or not a flag is honored by a client browser is fully a client issue.


      Burp Security Suite identifies forms with passwords and autocomplete enabled as a warning. These are all shown as "Password field does not have "autocomplete=off"" warnings.


      These warnings turn into security issues on our monthly review. Previously we could just enable this setting, and the problem would be solved. 


      There are configurations of browsers within secured federal government environments that DO respect these settings. This might not be super useful to all users, but there are edge cases where this is an important feature (of which I am one I guess). 


      Perhaps add a warning that "This is not respected by most browsers" or something to that effect? 

      But I would like to revert this change, and reinclude the feature. 


      Thank you. 


          Issue Links



              • Assignee:
                stormthegates Wolf Ventir
                Component watchers:
                Jake Dallimore, Jun Pataleta, Ryan Wyllie
              • Votes:
                0 Vote for this issue
                3 Start watching this issue


                • Created: