cancel
Showing results for 
Search instead for 
Did you mean: 

Don't save user Id field in the login page for reference

akash251998
Star Contributor
Star Contributor

When wo do login in alfresco it automatically saves the user name for future reference . I am attaching the pic for better understanding of the issue.

Pic 1:

imageerror

As in the above pic we can see that on typing a it is giving n number of username of DMS that starts with the name a.

Pic 2:

imageerr

As in the above pic we can see that on typing s it is suggesting n number of user name.

Our requirement is that we don't want username to be stored like this. Because anyone can type any key and use the user id and can try to login . Its a security issue . So i want that it should not store any information like username for later  reference.

System information :-

I am using alfresco 5.2 community version on windows 10 pro. Please suggest any solution.

Dear @EddieMay  hope this time also you will help.

Regards 

Akash D

1 ACCEPTED ANSWER

EddieMay
World-Class Innovator
World-Class Innovator

Hi @akash251998,

Login forms remembering usernames is pretty common in my experience & not something I'd immediately see as a vulnerability, especially if the system is not public facing. Also, many Alfresco instances are used with some form of single sign on system too.

However, if you want to remove the remember functionality, you will need to override the login page & add  autocomplete=“off” to the username field. You may also need to remove reset cookies on logging out to prevent the username being auto populated. 

Here's a tutorial on overrriding the login page -  hope this helps.

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!

View answer in original post

2 REPLIES 2

EddieMay
World-Class Innovator
World-Class Innovator

Hi @akash251998,

Login forms remembering usernames is pretty common in my experience & not something I'd immediately see as a vulnerability, especially if the system is not public facing. Also, many Alfresco instances are used with some form of single sign on system too.

However, if you want to remove the remember functionality, you will need to override the login page & add  autocomplete=“off” to the username field. You may also need to remove reset cookies on logging out to prevent the username being auto populated. 

Here's a tutorial on overrriding the login page -  hope this helps.

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!

Thanks @EddieMay  for your help as always.