Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

Affordable ASP.NET Hosting Service
  Ads  
Active Modules -- Active Forums for DotNetNuke
 


  Sponsors  

Meet Our Sponsors

Salaro -- Skins and more
OnyakTech
CrystalTech Web Hosting™
Webhost4life, specialists in DNN hosting
Mad Development is a full service interactive agency focusing on the merge of design, technology, e-commerce, and affiliate marketing by providing total website solutions.
SteadyRain
 


DotNetNuke Forums
 
  Forum  General DotNetN...  Chat About It!  4.8.2 - Why is form autocomplete=off?
Previous Previous
 
Next Next
New Post 4/23/2008 7:55 PM
User is offline JK
351 posts
www.bestwebsites.co.nz
8th Ranked


4.8.2 - Why is form autocomplete=off? 
Modified By JK on 4/23/2008 10:11:59 PM)

I've just noticed on 4.8.2, that default.aspx now has autocomplete=off in the form tag:

[form name="form" method="post" action="/default.aspx" id="form" enctype="multipart/form-data" style="height: 100%;" autocomplete="off"]

When was this added and why?  I just checked an older 4.5.3 and it is not there.  There are 2 reasosn I dont like this at all -

1) Why are we forced to have autocomplete off by default, without knowing that it is off until we happen to accidentally notice this in the source code.  What is so bad about autocomplete?

And 2) This is not xhtml valid - I thought DNN was trying to improve its validness, not make it worse!

End rant.  Please someone tell me that there was a really good reason for this change :)

JK.

You know your website is cool, so why not let your users help you by spreading the word on social networking sites - get the DotNetNuke Social Bookmarks Module with 55 different ways to add social bookmarks to your site ... or download the FREE demo right now
 
New Post 4/24/2008 7:42 AM
User is offline Tom Kraak
364 posts
seablick.com
8th Ranked






Re: 4.8.2 - Why is form autocomplete=off? 

If I remember correctly, I read somewhere on the forum that autocomplete="on" poses a security risk ... I tried finding it, but no luck.

Tom Kraak
Seablick Consulting LLC
DNN OpenForce 08: Intro to SEO with DNN
 
New Post 4/24/2008 11:41 AM
User is offline Michael Sumerano
59 posts
10th Ranked


Re: 4.8.2 - Why is form autocomplete=off? 

 Tom Kraak wrote

If I remember correctly, I read somewhere on the forum that autocomplete="on" poses a security risk ... I tried finding it, but no luck.

There is certainly a potential security/privacy risk here, but it should not have just been globally turned off.  It should have been turned off in core modules like Account Login module for the user ID, but module developers should be able to assume the default and turn it off on a case-by-case basis, since it works at the input tag level.
 
New Post 4/24/2008 1:51 PM
User is offline Mitch Sellers
5719 posts
www.mitchelsellers.com
3rd Ranked




Re: 4.8.2 - Why is form autocomplete=off? 

My guess would be along the lines of the above comments.  AutoCompletion is an inherit security risk, if someone accesses the site from a public computer, auto complete saves the username and/or password, then another user could login. 

I personally don't believe it is much of an issue as long as you have educated users, from an admin side of things.  However, many believe this to be a much large security risk.

I agree with the statements by Michael, this should be a configuration option, possibly in "user settings" where all other elements related to login process are stored.

-Mitchel Sellers
MCITP, MCPD, MCTS
CEO/Director of Development - IowaComputerGurus Inc.
LinkedIn Profile

Visit mitchelsellers.com for my mostly DNN Blog and support forum.

Visit IowaComputerGurus.com for free DNN Modules, DNN Consulting Quotes, and DNN Technical Support Services

I reccomend 3Essentials for shared hosting and BaseCamp for project management
 
New Post 5/21/2008 1:46 PM
User is offline stsong
2 posts
10th Ranked


Re: 4.8.2 - Why is form autocomplete=off? 

I too would like to turn autocomplete on, I've changed the global to autocomplete="on" but the textboxes still do not remember any history, please help.
 
 Page 1 of 41234Next 
Previous Previous
 
Next Next
  Forum  General DotNetN...  Chat About It!  4.8.2 - Why is form autocomplete=off?
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


DNNMasters - modules, consulting, development
DNNMasters developers are involved in DNN development since DNN 1.0.9 and today we offer a broad range of DNN related products and services including custom development of modules, help with ing third party modules for specific needs, general DNN technical support and administrative services.
www.dnnmasters.com 		Cygnusoft Custom Software
Cygnusoft has been providing cutting-edge custom software solutions for 20 years. Cygnusoft is also a leading start-up incubator, helping our partners build successful new businesses.
www.cygnusoft.com 		Digicon: DotNetNuke design and development
Digicon is based in Brisbane, Queensland, Australia
digicon.com.au

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP