List:       kfm-devel
Subject:    Re: Outstanding critical issue for KDE 2.2
From:       David Bishop <david () bishop ! dhs ! org>
Date:       2001-08-01 22:21:06

On Wednesday 01 August 2001 02:18 pm, Malte Starostik wrote:
> On Wednesday, 1 August 2001 23:01, Kurt Granroth wrote:
> > On Wednesday 01 August 2001 01:18 pm, Malte Starostik wrote:
> > > Forms can use an attribute ("nocomplete" IIRC, dunno exactly) to disable
> > > completion for some fields. That attribute is honoured by both IE and
> > > KHTML, any other text field is completed. But I agree, information
> > > entered into SSL forms should not be stored.
> >
> > Actually, you agree to something I did not say ;-)  I *like* having the
> > autocompletion even in SSL forms.  90% of entries on SSL forms are name,
> > email address, snail address, and the like.  Those are a PITA to write
> > every time so the autocompletion is a huge timesaver.  Those entries are
> > also fairly public in that I don't mind if anybody sees them.
>
> Good point actually, now I agree with something you did say ;}
>
> > I will admit that it's disconcerting to see credit card numbers written
> > to the formcompletions cache, though.  Sure, those sites are "broken"..
> > but that's not much of an excuse.
>
> Hmm, yes, they should turn off autocompletion for those fields...

Or, I know that there are javascript implementations that can verify the 
fields of a form are correctly filled out before submission (make sure the 
credit card number you put in is actually a credit card number).  We could 
just run that same algorithm on any ssl-enabled form (or form with an ssl 
target) and any fields that match, don't store.  For completeness, on any 
form that matched wrt the cc check, also disable anything that looks like a 
date.  But the basic "is this a cc or not" check is simple enough to do in 
js, so I'm sure all you big shot c++ coders will be able to figure it out ;-)

HTH,

D.A.Bishop
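
The filter proposed in this message, sketched as an added example that is not part of the original post and is not KHTML code. It assumes the "is this a cc" check is the Luhn checksum that card-number validators use; the function names, the `Field` type and the date heuristic are hypothetical.

```cpp
#include <cctype>
#include <string>
#include <utility>
#include <vector>

// Added illustration; all names are hypothetical, not KHTML API.
// True if the value, ignoring spaces and dashes, is 13-19 digits passing Luhn.
bool looksLikeCardNumber(const std::string &value) {
    std::string digits;
    for (unsigned char c : value) {
        if (std::isdigit(c)) digits += static_cast<char>(c);
        else if (c != ' ' && c != '-') return false;  // anything else: not a card number
    }
    if (digits.size() < 13 || digits.size() > 19) return false;
    int sum = 0;
    bool doubleIt = false;  // Luhn: double every second digit, counting from the right
    for (auto it = digits.rbegin(); it != digits.rend(); ++it) {
        int d = *it - '0';
        if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
        sum += d; doubleIt = !doubleIt;
    }
    return sum % 10 == 0;
}

// Rough date shape (assumption): 1-2 digits, '/' or '-', then 2 or 4 digits.
bool looksLikeDate(const std::string &v) {
    std::size_t sep = v.find_first_of("/-");
    if (sep == std::string::npos || sep < 1 || sep > 2) return false;
    std::size_t rest = v.size() - sep - 1;
    if (rest != 2 && rest != 4) return false;
    for (std::size_t i = 0; i < v.size(); ++i)
        if (i != sep && !std::isdigit(static_cast<unsigned char>(v[i]))) return false;
    return true;
}

using Field = std::pair<std::string, std::string>;  // field name, entered value
// Returns the fields that may be written to the form completion cache.
// isSsl: the form is SSL-enabled or has an SSL target.
std::vector<Field> fieldsToStore(const std::vector<Field> &form, bool isSsl) {
    if (!isSsl) return form;  // the proposal only covers SSL forms
    bool hasCard = false;
    for (const Field &f : form) hasCard = hasCard || looksLikeCardNumber(f.second);
    std::vector<Field> keep;
    for (const Field &f : form) {
        if (looksLikeCardNumber(f.second)) continue;        // never store the number
        if (hasCard && looksLikeDate(f.second)) continue;   // likely the expiry date
        keep.push_back(f);
    }
    return keep;
}
```

Name and address fields on the same SSL form are still stored, which keeps the completion behaviour Kurt Granroth asked for earlier in the thread.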
