Default setting should be secure

Bug #1420863 reported by Brant Knudson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack + Chef | Fix Released | High | Mark Vanderwiel |
OpenStack Dashboard (Horizon) | Fix Released | High | Brant Knudson |

Bug Description

Horizon has some instructions for setting it up in a secure way[1]. These settings should be the default.

[1] http://docs.openstack.org/developer/horizon/topics/deployment.html#secure-site-recommendations

Changed in horizon:
assignee: nobody → Brant Knudson (blk-u)
status: New → In Progress
tags: added: dashboard
Changed in openstack-chef:
assignee: nobody → Mark Vanderwiel (vanderwl)
importance: Undecided → High
milestone: none → juno-rc1
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cookbook-openstack-dashboard (master)

Fix proposed to branch: master
Review: https://review.openstack.org/154976

Changed in openstack-chef:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/154943
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=7bd87acdd07f0718e32221525ff54a188f8cecb8
Submitter: Jenkins
Branch: master

commit 7bd87acdd07f0718e32221525ff54a188f8cecb8
Author: Brant Knudson <email address hidden>
Date: Wed Feb 11 10:38:58 2015 -0600

    Set the password_autocomplete default to "off"

    It's safer to set the autocomplete option to "off" for passwords
    so that browsers get the hint to not save it. The default should
    be secure so that deployers need to make a conscious decision to
    be less-secure.

    This is for security hardening.

    SecurityImpact

    Closes-Bug: 1420863

    Change-Id: If2c3439cf23b11dd7829a4d7866d3b21409a7d69

Changed in horizon:
status: In Progress → Fix Committed
Akihiro Motoki (amotoki)
Changed in horizon:
importance: Undecided → High
milestone: none → kilo-3
OpenStack Infra (hudson-openstack) wrote : Fix merged to cookbook-openstack-dashboard (master)

Reviewed: https://review.openstack.org/154976
Committed: https://git.openstack.org/cgit/stackforge/cookbook-openstack-dashboard/commit/?id=9eed38ca508e3fb6cdb4390cf504ae211bc9a665
Submitter: Jenkins
Branch: master

commit 9eed38ca508e3fb6cdb4390cf504ae211bc9a665
Author: Mark Vanderwiel <email address hidden>
Date: Wed Feb 11 11:47:09 2015 -0600

    Change the default for password_autocomplete to off

    For better default security, change the default to off
    for password autocomplete. Base openstack horizon is also
    making this change soon.

    Change-Id: Ie46dd5b5e5d65dd4bfa298a4c2d571cf13b94812
    Closes-Bug: #1420863

Changed in openstack-chef:
status: In Progress → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
milestone: kilo-3 → 2015.1.0
Changed in openstack-chef:
milestone: none → kilo-rc1
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cookbook-openstack-dashboard ocata-eol

This issue was fixed in the openstack/cookbook-openstack-dashboard ocata-eol release.
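
An added example, not code from Horizon or the cookbook: a small audit that reports the effective `password_autocomplete` value in a deployment's settings file, since a deployer's own settings can still override the secure default the commits above introduce. It assumes the setting lives in a top-level `HORIZON_CONFIG` dict in a Python settings file; the function names and sample inputs are constructed for illustration.

```python
import ast

KEY = "password_autocomplete"  # the HORIZON_CONFIG key named in the commits above

def _literal(node):
    """Evaluate a literal AST node; non-literal expressions become '<dynamic>'."""
    try:
        return ast.literal_eval(node)
    except ValueError:
        return "<dynamic>"

def effective_autocomplete(settings_source):
    """Last value a settings file gives HORIZON_CONFIG[KEY], or None if it never sets it.

    Only top-level assignments are followed, in source order (Python 3.9+ AST).
    """
    value = None
    for stmt in ast.parse(settings_source).body:
        if not isinstance(stmt, ast.Assign):
            continue
        for target in stmt.targets:
            if isinstance(target, ast.Name) and target.id == "HORIZON_CONFIG":
                value = None  # the whole dict is replaced
                if isinstance(stmt.value, ast.Dict):
                    for k, v in zip(stmt.value.keys, stmt.value.values):
                        if isinstance(k, ast.Constant) and k.value == KEY:
                            value = _literal(v)
            elif (isinstance(target, ast.Subscript)
                  and isinstance(target.value, ast.Name)
                  and target.value.id == "HORIZON_CONFIG"
                  and isinstance(target.slice, ast.Constant)
                  and target.slice.value == KEY):
                value = _literal(stmt.value)
    return value

def audit(settings_source):
    value = effective_autocomplete(settings_source)
    if value is None:
        return "UNSET: inherits the installed release's default; pin 'off' explicitly"
    if value == "off":
        return "OK: password_autocomplete is 'off'"
    return f"WEAK: password_autocomplete is {value!r}"

# Constructed sample settings files (not taken from any real deployment).
WEAK = 'HORIZON_CONFIG = {"user_home": "x", "password_autocomplete": "on"}\n'
HARDENED = 'HORIZON_CONFIG = {"password_autocomplete": "off"}\n'
UNSET = 'DEBUG = False\nHORIZON_CONFIG = {"user_home": "x"}\n'
OVERRIDDEN = HARDENED + 'HORIZON_CONFIG["password_autocomplete"] = "on"\n'

if __name__ == "__main__":
    for name, src in [("weak", WEAK), ("hardened", HARDENED),
                      ("unset", UNSET), ("overridden", OVERRIDDEN)]:
        print(f"{name:10} {audit(src)}")
```

The "unset" result matters on releases that predate this fix, where the inherited default is not the hardened one.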
