While login to any website by passing username and password then browser will ask to remember or save password, if we click on YES then the credentials will be saved in the plain text format. So it can be easily retrievable. It leads to security issue.
To fix it we need to add autocomplete feature for sensitive data in the form in HTML or JSP as follows.
<input type="password" autocomplete="off" name="pwd"/>
Even After adding the above attribute, browser will be asking remember or save password but when we click on YES then the above attribute override browser settings. So the credentials will not be saved.
If we want enable autocomplete off for all attribute then we have to add the above attribute in the form level as follows.
<form autocomplete="off" name="loginform">
Then entire form parameters will be autocomplete off.
I hope you understood, A local adversary can steal password from the autocomplete feature of the browser. Please leave a comment or reply.
Hello! I am Narayanaswamy founder and admin of narayanatutorial.com. I have been working in the IT industry for more than 12 years. NarayanaTutorial is my web technologies blog. My specialties are Java / J2EE, Spring, Hibernate, Struts, Webservices, PHP, Oracle, MySQL, SQLServer, Web Hosting, Website Development, and IAM(ForgeRock) Specialist
I am a self-learner and passionate about training and writing. I am always trying my best to share my knowledge through my blog.
