We have NSS 8.1 deployed in Production recently and we would like to know on is there any option or code change required to disable Auto Complete on NSS Login page for Used IDs. We know that Auto Complete can be disabled on the browser side but still wanted to know further on whether it can be disabled in the code itself on the NSS.
Browser settings, such as remembering passwords and 'remember me' functionality are controlled by the browser itself - they can be cleared via browser privacy settings.
It is possible to disable this functionality on fields but we left it in to assist our customers (it can be useful to remember passwords).
What is the use case for this request? We can discuss with our dev team whether disabling password remembering is something that could be controlled via a config file (as we have not yet logged into the system to retrieve any system settings).
Thanks for your reply. We have a recommendation from our Internal Security team to disable it from the application end.
how are you doing?
Remember we worked on a different issue on NSS (port binding to https:// for NSS portal site) and shorted out. This subjected issue also on the same server and seeking your help in find any option available at code or configuration level to disable the Auto Complete option in NSS Web console. This is a Security advice from our internal Securiity Team.
I will raise with dev and we can add to the list of desired features but it would be something for a future version - as I mentioned previously, it would have to be optional as other customers may be using it so will require some changes to our core config.
As a new feature like this would be targetted for a future version (post 8.2), you will have to find a workaround in the meantime which is likely to be browser-based (the following settings below), or using a hardcoded change to the login page.
Feel free to send me a direct mail and we can organise a WebEx to investigate a hardcoded change if the above browser settings are not appropriate.
Thanks for the Update and I will send you a mail for the WebEx to do the hardcoded change on the login page and check.