Disable Client side caching of User Credentials

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Disable Client side caching of User Credentials

Tushar Jain

Hi,

 

Looking for a way to disable storage of user credentials in the browser. The user can select to save the credentials in the browser accidently or unknowingly. And if it is a shared computer, anyone who opens the login page again, can just select the username and the password automatically gets displayed in the password box. Want to disable this auto-complete feature from Guacamole itself, something similar to what happens on net banking sites

 

 

Thanks,

Tushar Jain


Disclaimer: This message and any attachment may contain confidential, proprietary information and is intended only for the individual named. If you are not the original intended recipient and have erroneously received this message, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Hitachi MGRM Net therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 6/5, Safdarjung Development Area, New Delhi - 110016, India

'Please consider the environment before printing this e-mail'.
Reply | Threaded
Open this post in threaded view
|

Re: Disable Client side caching of User Credentials

Ghost_Knight
If I am reading this correctly this is more of a browser setting issue.

I would look at things like this:
https://support.dashlane.com/hc/en-us/articles/360000051065-How-to-turn-off-the-built-in-password-manager-in-your-browser

A more officially recognized reference here that talks about this:
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Disable Client side caching of User Credentials

Tushar Jain
Thanks for your response.

I want to achieve this from Guacamole itself than leaving it on the user to
configure their browsers, something similar to what most banking site do.  

Your 2nd link talk about disabling "auto-complete" from the web-page itself.
That is what actually I am looking for, but I am not sure how to achieve the
same in guacamole login page.

Thanks,
Tushar

-----Original Message-----
From: Ghost_Knight [mailto:[hidden email]]
Sent: 12 June 2020 04:02 PM
To: [hidden email]
Subject: Re: Disable Client side caching of User Credentials

If I am reading this correctly this is more of a browser setting issue.

I would look at things like this:
https://support.dashlane.com/hc/en-us/articles/360000051065-How-to-turn-off-
the-built-in-password-manager-in-your-browser

A more officially recognized reference here that talks about this:
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Tur
ning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields



--
Sent from:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]



--
**Disclaimer:* This message and any attachment may contain confidential,
proprietary information and is intended only for the individual named. If
you are not the original intended recipient and have erroneously received
this message, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net
E-mail transmission cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification is
required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
6/5, Safdarjung Development Area, New Delhi - 110016, India*
*
*
*'Please
consider the environment before printing this e-mail'.*

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Disable Client side caching of User Credentials

Paulo Gonçalves
In reply to this post by Tushar Jain

It is possible to add an attribute to the form or the field so that the browser does not cache it.
Perhaps it can become a configuration of Guacamole.

https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

---
Paulo Alexandre Figueiredo Gonçalves
Departamento de Tecnologias de Informação e Comunicação (DTIC)
Tel. Interno: 301103 | [hidden email]
Rua da Misericórdia, Lagar dos Cortiços
S. Martinho do Bispo,
3045 -093 Coimbra
www.ipc.pt | [hidden email] | +351 239 791 250


A 2020-06-12 10:42, Tushar Jain escreveu:

Hi,

 

Looking for a way to disable storage of user credentials in the browser. The user can select to save the credentials in the browser accidently or unknowingly. And if it is a shared computer, anyone who opens the login page again, can just select the username and the password automatically gets displayed in the password box. Want to disable this auto-complete feature from Guacamole itself, something similar to what happens on net banking sites

 

 

Thanks,

Tushar Jain


Disclaimer: This message and any attachment may contain confidential, proprietary information and is intended only for the individual named. If you are not the original intended recipient and have erroneously received this message, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Hitachi MGRM Net therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 6/5, Safdarjung Development Area, New Delhi - 110016, India
 
'Please consider the environment before printing this e-mail'.
Reply | Threaded
Open this post in threaded view
|

Re: Disable Client side caching of User Credentials

Ghost_Knight
It certainly could be a configuration option!

If you need the support immediately I would say that you should use the
Guacamole extension framework to write your own login form and add the
necessary attribute that way.

To point out - at the bottom of that MDN entry it say "This is a hint, which
browsers are not required to comply with." - just want to make sure that you
are aware that it is not a silver bullet solution.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]