[ 
https://issues.apache.org/jira/browse/SOLR-15248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17299777#comment-17299777
 ] 

Shawn Heisey commented on SOLR-15248:
-------------------------------------

I don't see any problem with this change.  But the fact that you are worried 
about this tells me you have some security problems that Solr cannot address.

The only way that an unauthorized user could even see previous usernames is if 
they have access to your systems they should not have.

That autocomplete data is saved by the browser, not Solr.  So if you have 
somebody unauthorized seeing usernames, they have to have access to the same 
browser under the same client OS user account that was used by the authorized 
user. If unauthorized users have that kind of access, it's a really big 
security issue.

> Remove login autocomplete
> -------------------------
>
>                 Key: SOLR-15248
>                 URL: https://issues.apache.org/jira/browse/SOLR-15248
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Lillie Hammer
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Remove autocomplete which currently allows you to see who had logged in 
> previously. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
