DC 5.2.0 5.2 Disabling Remember me
- Magnus Frank
- Anonymous
Owned by Magnus Frank
Mar 27, 2019
1 min read
Loading data...
Context:
The DAM Center has implemented Remember me functionality by adding the user's credentials to a cookie. That is a security flaw, although probably not that serious.
Solution:
A new config meta field has been added to Config parameters: "Enable Remember me".
Its default setting is true, i.e. Remember me is till enabled out-of-the-box.
If you have a client that's very strict with their IT security, you can then disable Remember me by removing the check mark.
Impact:
There's not much of an impact, as the user still has a session in the API, i.e. refreshing the DAM Center website doesn't log the user out.
Most browsers have an option to remember a user's credentials, either built in or via extensions.