MarBed190 opened a new issue, #44019: URL: https://github.com/apache/airflow/issues/44019
### Description Currently, the password input fields in Apache Airflow's login forms do not have the autocomplete attribute set to off. This allows browsers to store passwords entered by users, which poses a potential security risk—especially when accessing Airflow from shared or public computers. To enhance security and adhere to best practices for handling sensitive information, the autocomplete attribute should be disabled for all password fields in form-based authentication. ### Use case/motivation As an employee responsible for the security of our corporate IT systems that utilize Apache Airflow, I want to enhance the protection of user credentials by disabling the autocomplete feature on password fields. This change will make our systems more secure for all users by preventing browsers from storing sensitive passwords, which could be exploited if a device is compromised or shared. Additionally, implementing this fix will ensure that our automated security scanners no longer flag this issue, helping us maintain compliance with our organization's security policies and reducing the overhead of managing reported vulnerabilities. ### Related issues _No response_ ### Are you willing to submit a PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
