form security stuff
George Staikos
staikos at kde.org
Fri Apr 18 21:01:53 CEST 2003
On Friday 18 April 2003 19:32, Dirk Mueller wrote:
> On Fre, 18 Apr 2003, Darin Adler wrote:
> > Like WinIE, we now don't save anything on a page that includes a secure
> > form or a password field. I don't just mean that we don't store the
> > user-entered input, but rather that we don't store these pages in the
> > cache at all. That's because such pages often contain information about
> > the user, not just typed into the fields but in the default values and
> > outside the form itself.
>
> Point taken, we should merge this. However, the part I don't get: Why did
> you implement it in such a complicated way? IMHO its enough to add a bool
> "dontCacheThisPage" to either document or the page cache entry, and set it
> to true if we encounter a password field or a https form during
> saveState().
Isn't this effectively the same situation that caused a huge long thread on
kde-core-devel over a year ago? This is the behaviour I want anyways, so I'm
happy.
We'll have to enhance for KWallet again too.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the Khtml-devel
mailing list