Highlighted

Is there any option or code change required at NSS to disable Auto Complete in login Console?

Hi

We have NSS 8.1 deployed in Production recently and we would like to know on is there any option or code change required to disable Auto Complete on NSS Login page for Used IDs. We know that Auto Complete can be disabled on the browser side but still wanted to know further on whether it can be disabled in the code itself on the NSS.

Thanks

5 Replies
Highlighted

Re: Is there any option or code change required at NSS to disable Auto Complete in login Console?

Hi,

Browser settings, such as remembering passwords and 'remember me' functionality are controlled by the browser itself - they can be cleared via browser privacy settings.

It is possible to disable this functionality on fields but we left it in to assist our customers (it can be useful to remember passwords).

What is the use case for this request?  We can discuss with our dev team whether disabling password remembering is something that could be controlled via a config file (as we have not yet logged into the system to retrieve any system settings).

 

Thanks,

Ben

Highlighted

Re: Is there any option or code change required at NSS to disable Auto Complete in login Console?

Hi Ben,

Thanks for your reply. We have a recommendation from our Internal Security team to disable it from the application end.

Highlighted

Re: Is there any option or code change required at NSS to disable Auto Complete in login Console?

Hi Ben,

how are you doing?

Remember we worked on a different issue on NSS (port binding to https:// for NSS portal site) and shorted out. This subjected issue also on the same server and seeking your help in find any option available at code or configuration level to disable the Auto Complete option in NSS Web console. This is a Security advice from our internal Securiity Team.

Regards,

Guna

Highlighted

Re: Is there any option or code change required at NSS to disable Auto Complete in login Console?

I will raise with dev and we can add to the list of desired features but it would be something for a future version - as I mentioned previously, it would have to be optional as other customers may be using it so will require some changes to our core config.

As a new feature like this would be targetted for a future version (post 8.2), you will have to find a workaround in the meantime which is likely to be browser-based (the following settings below), or using a hardcoded change to the login page.

Safari:

  1. Click the Safari menu and choose Preferences.
  2. Click the AutoFill icon.
  3. Turn off all the AutoFill web forms settings: “Using info from my contacts”, “User names and passwords”, “Credit cards”, and “Other forms”.

 

Chrome:

  1. Click the Chrome menu in the toolbar and choose Settings.
  2. Click Passwords.
  3. Turn off “Offer to save passwords”.

 

Firefox:

  1. Click the Firefox menu in the toolbar and choose Preferences.
  2. Click Privacy & Security.
  3. Turn off “Remember logins and passwords for websites”.

 

Edge:

  1. Click the “Settings and more” menu and choose Settings.
  2. Scroll to the bottom and click “View advanced settings”.
  3. Scroll to the “Autofill settings” section and turn off “Save passwords”.

 

IE:

  1. Click the Settings menu and choose “Internet options”.
  2. Click the Content tab.
  3. In the AutoComplete section, click Settings.
  4. Turn off “Forms and Searches” and “User names and passwords on forms”, then click OK.


Feel free to send me a direct mail and we can organise a WebEx to investigate a hardcoded change if the above browser settings are not appropriate.

Ben

Highlighted

Re: Is there any option or code change required at NSS to disable Auto Complete in login Console?

Hello Ben,

Thanks for the Update and I will send you a mail for the WebEx to do the hardcoded change on the login page and check.