4.8.2 - Why is form autocomplete=off?
New Post
4/23/2008 9:55 PM
 

I've just noticed on 4.8.2, that default.aspx now has autocomplete=off in the form tag:

[form name="Form" method="post" action="/default.aspx" id="Form" enctype="multipart/form-data" style="height: 100%;" autocomplete="off"]

When was this added and why?  I just checked an older 4.5.3 and it is not there.  There are 2 reasons I don't like this at all -

1) Why are we forced to have autocomplete off by default, without knowing that it is off until we happen to accidentally notice this in the source code.  What is so bad about autocomplete?

And 2) This is not xhtml valid - I thought DNN was trying to improve its validness, not make it worse!

End rant.  Please someone tell me that there was a really good reason for this change :)

JK.


 
New Post
4/24/2008 9:42 AM
 

If I remember correctly, I read somewhere on the forum that autocomplete="on" poses a security risk ... I tried finding it, but no luck.


Tom Kraak
SEO Analyst
R2integrated
 
New Post
4/24/2008 1:41 PM
 

Tom Kraak wrote

If I remember correctly, I read somewhere on the forum that autocomplete="on" poses a security risk ... I tried finding it, but no luck.

There is certainly a potential security/privacy risk here, but it should not have just been globally turned off.  It should have been turned off in core modules like Account Login module for the user ID, but module developers should be able to assume the default and turn it off on a case-by-case basis, since it works at the input tag level.
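
The difference between the form-level setting and the per-input setting discussed in this post, as an added example that is not part of the original thread and not DNN code: a small Python audit that computes the effective autocomplete value for each input and lists sensitive fields that still allow it. The field names, the sensitive-name pattern and the sample markup are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumption: name fragments that mark a field as sensitive; tune per site.
SENSITIVE = re.compile(r"user|login|pass|pwd|card|cvv|ssn", re.I)
SKIP_TYPES = {"hidden", "submit", "button", "checkbox", "radio", "file", "image", "reset"}

class AutocompleteAudit(HTMLParser):
    """Records (form id, input name, effective autocomplete, sensitive) rows."""

    def __init__(self):
        super().__init__()
        self.form_id = self.form_setting = None  # None: not inside a form
        self.rows = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        setting = a.get("autocomplete", "").strip().lower() or None
        if tag == "form":
            self.form_id = a.get("id") or a.get("name") or "?"
            self.form_setting = setting
        elif tag == "input" and a.get("type", "text").lower() not in SKIP_TYPES:
            # The input's own attribute wins; otherwise it inherits the form's;
            # with neither present the browser default is "on".
            effective = setting or self.form_setting or "on"
            name = a.get("name") or a.get("id") or "?"
            sensitive = a.get("type", "").lower() == "password" or bool(SENSITIVE.search(name))
            self.rows.append((self.form_id, name, effective, sensitive))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_id = self.form_setting = None

def audit(html):
    """Return (all rows, names of sensitive inputs that still allow autocomplete)."""
    parser = AutocompleteAudit()
    parser.feed(html)
    return parser.rows, [r[1] for r in parser.rows if r[3] and r[2] != "off"]

# Constructed sample markup with hypothetical field names (not from a real DNN site).
GLOBAL_OFF = """<form id="Form" action="/default.aspx" autocomplete="off">
<input type="text" name="txtUsername"><input type="password" name="txtPassword">
<input type="text" name="txtSearch" autocomplete="on"></form>"""
PER_INPUT = """<form id="Form" action="/default.aspx">
<input type="text" name="txtUsername" autocomplete="off">
<input type="password" name="txtPassword"><input type="text" name="txtSearch"></form>"""

if __name__ == "__main__":
    for label, page in (("global off", GLOBAL_OFF), ("per input", PER_INPUT)):
        rows, exposed = audit(page)
        print(label, rows, "exposed:", exposed)
```

Many current browsers' password managers ignore autocomplete="off" on login fields, so the attribute mainly controls form-history suggestions rather than protecting stored credentials.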

 
New Post
4/24/2008 3:51 PM
 

My guess would be along the lines of the above comments.  AutoCompletion is an inherent security risk; if someone accesses the site from a public computer, auto complete saves the username and/or password, then another user could log in.

I personally don't believe it is much of an issue as long as you have educated users, from an admin side of things.  However, many believe this to be a much larger security risk.

I agree with the statements by Michael, this should be a configuration option, possibly in "user settings" where all other elements related to login process are stored.


-Mitchel Sellers
Microsoft MVP, ASPInsider, DNN MVP
CEO/Director of Development - IowaComputerGurus Inc.
 
New Post
5/21/2008 3:46 PM
 

I too would like to turn autocomplete on. I've changed the global to autocomplete="on" but the textboxes still do not remember any history. Please help.

 