Skip to Main Content
IBM Data and AI Ideas Portal for Customers


This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:


Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,


Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Employees should enter Ideas at https://ideas.ibm.com


Status Submitted
Workspace Spectrum Conductor
Components Version 2.5.1
Created by Guest
Created on Nov 4, 2024

Allow option for or default option to turn "autocomplete" flag to off for password authentication in regards to the Jupyter notebooks

It is a low priority security vulnerability for web servers to allow password auto-completion.   In most apps,  this is a pretty simple fix,   to configure the option to allow "autocomplete" to set to off.  When I opened a ticket with IBM,  their was not a fix for this at this time for spectrum conductor,  and their workaround is to modify the web browser settings.   This does not satisfy the vulnerability,   nor is it ideal in a large business where there are multiple endpoints connecting.

 

The fix:

Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.

Further details:

"While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or if their machine is compromised at some point."

Needed By Yesterday (Let's go already!)