Is it possible to modify the login.vm file (https://confluence.atlassian.com/display/DOC/Customising+the+Login+Page) so that the os_password input box contains the attribute autocomplete="off" ?
<input type="password" name="os_password" id="os_password" class="password " autocomplete="off"/>
For good measure, you may want to add the attribute autocapitalize="off" and autocorrect="off" to the os_username field, to control automatic correction or capitalization on iOS devices
<input type="text" name="os_username" id="os_username" class="text " data-focus="0" autocapitalize="off" autocorrect="off"/>
It is not a big problem for you to remove all saved passwords on your browsers if you have a step-by-step guide. I found this useful guide to disable Autocomplete Password in Browser which may be helpful for you, too.
I belive John's answer about editing the .vm is still correct, you can embed something to try to disable autocomplete in the login.
But, browsers are still completely free to ignore it. I'm afraid you might want to have another look at the PCI compliance rules you've got - they can't demand something that simply can't be enforced. My browser regularly overrides it on several sites, and I'd probably do the same if someone inflicted it on Confluence/Jira etc.
Thanks Nick. Looking at JIRA I find include/loginform.jsp which contains the password input. Am I correct in assuming that I can change this file and just have to remember to reapply the change after maintenance or upgrades?
I'm still looking for the correct place to make the change in Stash if you can point that out.
Fortunately I am only responsible for getting the servers to pass the audit. Client behavior is out of scope.
Yeah, that's the one and the method. I don't know Stash code well enough, sorry. (Still not sure it's in the slightest bit worth doing, as "compliance" doesn't matter where it can be bypassed, it's still an issue, but hey)
Hi my Community friends! For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs