[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Outstanding critical issue for KDE 2.2
From:       Kurt Granroth <granroth () suse ! com>
Date:       2001-08-01 21:01:15
[Download RAW message or body]

On Wednesday 01 August 2001 01:18 pm, Malte Starostik wrote:
> Forms can use an attibute ("nocomplete" IIRC, dunno exactly) to disable
> completion for some fields. That attribute is honoured by both IE and
> KHTML, any other text field is completed. But I agree, information entered
> into SSL forms should not be stored.

Actually, you agree to something I did not say ;-)  I *like* having the 
autocompletion even in SSL forms.  90% of entries on SSL forms are name, 
email address, snail address, and the like.  Those are a PITA to write 
everytime so the autocompletion is a huge timesaver.  Those entries are also 
fairly public in that I don't mind if anybody sees them.

I will admit that it's disconcerting to see credit card numbers written to 
the formcompletions cache, though.  Sure, those sites are "broken".. but 
that's not much of an excuse.

On the other hand, there *is* some modicum of security still in place.  My 
$HOME/.kde2 directory and formcompletions file are readable only by me (and 
root).  If somebody were to crack my system, then the info stored in 
formcompletions would be the least of my worries since I also store all of my 
passwords to all of the ecommerce sites I go to on my computer.

Hmm... 
-- 
Kurt Granroth            | http://www.granroth.org
KDE Developer/Evangelist | SuSE Labs Open Source Developer
granroth@kde.org         | granroth@suse.com
            KDE -- Conquer Your Desktop

[prev in list] [next in list] [prev in thread] [next in thread]