* Figured out a way to prevent browsers (for now, at least) from treating the node/host login form from saving passwords or pre-filling passwords.

* Updated Get->cgi to not include any passwords in the cgi_string that is recorded for refresh. Signed-off-by: Digimer <digimer@alteeve.ca>
5 years ago · b51f87bdcc
parent db1afb766e
commit b51f87bdcc
3 changed files with 47 additions and 8 deletions
--- a/Anvil/Tools/Get.pm
+++ b/Anvil/Tools/Get.pm
@ -293,8 +293,11 @@ sub cgi
 				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { "cgi::${variable}::value" => $anvil->data->{cgi}{$variable}{value} }});
 			}
 			
-			# Append to 'sys::cgi_string'
-			$anvil->data->{sys}{cgi_string} .= "$variable=".$anvil->data->{cgi}{$variable}{value}."&";
+			# Append to 'sys::cgi_string', so long as the variable doesn't have 'passwd' or 'password' in it.
+			if (($variable !~ /password/) && ($variable !~ /passwd/))
+			{
+				$anvil->data->{sys}{cgi_string} .= "$variable=".$anvil->data->{cgi}{$variable}{value}."&";
+			}
 		}
 	}
 	
--- a/html/skins/alteeve/anvil.html
+++ b/html/skins/alteeve/anvil.html
@ -74,21 +74,49 @@
 <!-- start host-setup-menu1 -->
 			<table align="center" class="anvil_main_menu">
 				<div id="host-setup">
+				<tr>
+					<td colspan="3">
+						#!string!message_0146!#"
+					</td>
+				</tr>
+				<tr>
+					<td colspan="3">
+						<input type="radio" name="type" value="node" id="node" class="radio" #!variable!node_checked!#> #!string!message_0116!#" <br />
+						<input type="radio" name="type" value="dr" id="dr" class="radio" #!variable!dr_checked!#> #!string!message_0117!#"
+					</td>
+				</tr>
+				<tr>
+					<td colspan="3">
+						&nbsp;
+					</td>
+				</tr>
+				<tr>
+					<td colspan="3">
+						#!string!message_0147!#"
+					</td>
+				</tr>
 				<tr>
 					<td>
-						<input type="text" name="ip_address" id="ip_address" value="#!variable!ip_address!#" autocomplete="off" placeholder="#!string!striker_0024!#" />
+						<input type="text" name="host_ip_address" id="host_ip_address" value="#!variable!ip_address!#" placeholder="#!string!striker_0024!#" />
 					</td>
 					<td>
 						&nbsp;
 					</td>
 					<td>
-						<input type="password" name="password" id="password" value="#!variable!password!#" autocomplete="off" placeholder="#!string!striker_0051!#" />
+						<!-- 
+						This combination of input type text, disk characters and autocomplete=off prevents browsers from pre-filling password and offering to save passwords.
+						-->
+						<input type="text" name="host_password" id="host_password" value="#!variable!password!#" style="text-security:disc; -webkit-text-security:disc;" autocomplete="off" placeholder="#!string!striker_0051!#" />
 					</td>
 				</tr>
 				<tr>
 					<td colspan="3">
-						<input type="radio" name="type" value="node" id="node" class="radio" #!variable!node_checked!#> #!string!message_0116!#" <br />
-						<input type="radio" name="type" value="dr" id="dr" class="radio" #!variable!dr_checked!#> #!string!message_0117!#"
+						&nbsp;
+					</td>
+				</tr>
+				<tr>
+					<td colspan="3">
+						#!string!message_0148!#"
 					</td>
 				</tr>
 				<tr>
@ -99,12 +127,17 @@
 						&nbsp;
 					</td>
 					<td>
-						<input type="password" name="rh_password" id="rh_password" value="#!variable!rh_password!#" placeholder="#!string!message_0145!#" />
+						<input type="text" name="rh_password" id="rh_password" value="#!variable!rh_password!#" style="text-security:disc; -webkit-text-security:disc;" autocomplete="off" placeholder="#!string!message_0145!#" />
+					</td>
+				</tr>
+				<tr>
+					<td colspan="3">
+						&nbsp;
 					</td>
 				</tr>
 				<tr>
 					<td colspan="3">
-						<input type="submit" name="login" id="login" class="button" value="#!string!striker_0049!#">
+						<input type="submit" name="connect" id="connect" class="button" value="#!string!striker_0049!#">
 					</td>
 				</tr>
 				</div>
--- a/share/words.xml
+++ b/share/words.xml
@ -250,6 +250,9 @@ About to try to download aproximately: [#!variable!packages!#] packages needed t
 		<key name="message_0143">The zone: [#!variable!zone!#]'s user-land file: [#!variable!file!#] exists. Skipping checking the configuration of this zone.</key>
 		<key name="message_0144">Red Hat user</key>
 		<key name="message_0145">Red Hat password</key>
+		<key name="message_0146">What kind of machine will this host be?</key>
+		<key name="message_0147"><![CDATA[What is the host's <b>current</b> IP address and password?]]></key>
+		<key name="message_0148"><![CDATA[(Optional); If this is a RHEL 8 host and has not yet been subscribed,<br />you can enter your Red Hat subscription credentials below.<br />If needed, the host will be subscribed during setup.]]></key>
 		
 		<!-- Log entries -->
 		<key name="log_0001">Starting: [#!variable!program!#].</key>