[prev in list] [next in list] [prev in thread] [next in thread]
List: kfm-devel
Subject: Re: Outstanding critical issue for KDE 2.2
From: Malte Starostik <malte () kde ! org>
Date: 2001-08-01 21:18:01
[Download RAW message or body]
Am Mittwoch, 1. August 2001 23:01 schrieb Kurt Granroth:
> On Wednesday 01 August 2001 01:18 pm, Malte Starostik wrote:
> > Forms can use an attibute ("nocomplete" IIRC, dunno exactly) to disable
> > completion for some fields. That attribute is honoured by both IE and
> > KHTML, any other text field is completed. But I agree, information
> > entered into SSL forms should not be stored.
>
> Actually, you agree to something I did not say ;-) I *like* having the
> autocompletion even in SSL forms. 90% of entries on SSL forms are name,
> email address, snail address, and the like. Those are a PITA to write
> everytime so the autocompletion is a huge timesaver. Those entries are
> also fairly public in that I don't mind if anybody sees them.
Good point actually, now I agree with something you did say ;}
> I will admit that it's disconcerting to see credit card numbers written to
> the formcompletions cache, though. Sure, those sites are "broken".. but
> that's not much of an excuse.
Hmm, yes, they should turn off autocompletion for those fields...
> On the other hand, there *is* some modicum of security still in place. My
> $HOME/.kde2 directory and formcompletions file are readable only by me (and
> root). If somebody were to crack my system, then the info stored in
> formcompletions would be the least of my worries since I also store all of
> my passwords to all of the ecommerce sites I go to on my computer.
Alright, what remains is those "broken" sites. OTOH the whole thing is an IE
extension and not all sites are "developed for IE", even if most are.
I'd personally prefer a confirmation message box before storing completion
items for SSL secured sites. As this is not possible, I consider it the
safest way to disable completion there. Grr, disagreeing to myself again :)
<evilremark>And well, I don't have a CC, so actually, why bother at
all</evilremark>
Thing is, we probably will get bug reports if we blindly store such data into
formcompletions........
Please, someone help fix my confusion now :)
--
Malte Starostik
PGP: 1024D/D2F3C787 [C138 2121 FAF3 410A 1C2A 27CD 5431 7745 D2F3 C787]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic