Don't save user Id field in the login page for reference

cancel
Showing results for 
Search instead for 
Did you mean: 
akash251998
Established Member II

Don't save user Id field in the login page for reference

Jump to solution

When wo do login in alfresco it automatically saves the user name for future reference . I am attaching the pic for better understanding of the issue.

Pic 1:

errorerror

As in the above pic we can see that on typing a it is giving n number of username of DMS that starts with the name a.

 

Pic 2:

errerr

As in the above pic we can see that on typing s it is suggesting n number of user name.

 

Our requirement is that we don't want username to be stored like this. Because anyone can type any key and use the user id and can try to login . Its a security issue . So i want that it should not store any information like username for later  reference.

System information :-

I am using alfresco 5.2 community version on windows 10 pro. Please suggest any solution.

Dear @EddieMay  hope this time also you will help.

 

Regards 

Akash D

 

1 Solution

Accepted Solutions
EddieMay
Alfresco Employee

Re: Don't save user Id field in the login page for reference

Jump to solution

Hi @akash251998,

Login forms remembering usernames is pretty common in my experience & not something I'd immediately see as a vulnerability, especially if the system is not public facing. Also, many Alfresco instances are used with some form of single sign on system too.

However, if you want to remove the remember functionality, you will need to override the login page & add  autocomplete=“off” to the username field. You may also need to remove reset cookies on logging out to prevent the username being auto populated. 

Here's a tutorial on overrriding the login page -  hope this helps.

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!

View solution in original post

2 Replies
EddieMay
Alfresco Employee

Re: Don't save user Id field in the login page for reference

Jump to solution

Hi @akash251998,

Login forms remembering usernames is pretty common in my experience & not something I'd immediately see as a vulnerability, especially if the system is not public facing. Also, many Alfresco instances are used with some form of single sign on system too.

However, if you want to remove the remember functionality, you will need to override the login page & add  autocomplete=“off” to the username field. You may also need to remove reset cookies on logging out to prevent the username being auto populated. 

Here's a tutorial on overrriding the login page -  hope this helps.

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
akash251998
Established Member II

Re: Don't save user Id field in the login page for reference

Jump to solution

Thanks @EddieMay  for your help as always.