form security stuff
George Staikos
staikos at kde.org
Wed Apr 23 23:09:45 CEST 2003
On Wednesday 23 April 2003 08:08, Dirk Mueller wrote:
> On Mon, 21 Apr 2003, George Staikos wrote:
> > Hopefully the wallet will be available soon. The problem is that
> > storing personal information on disk silently is not what all users will
> > expect.
>
> time for a configuration switch to disable completion?
In HTTPS forms? Yes I think so.... However as I said, once the wallet is
done (really, honestly, I hope to finish it by June with the important stuff
maybe even done in May), it can be used to store form data. That's the right
solution imho. You are right, completion is a nice feature especially for
https. It just has to be done with security and privacy in mind.
> > This is still a problem for shared computers. Another problem is that
> > this data could stay for a very long time. You sell your hard disk not
> > knowing that this information was once recorded (and even if it is
> > formatted it is still recoverable).
>
> Do you have an example on pages that allow sensitive data be
> auto-completed?
>
> If yes then I'd like to hear about it.
I don't have one right now, but I have seen them in the past. That's why I
had to disable autocomplete in konqi. I found my CC# on disk at least once,
along with other sensitive information.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the Khtml-devel
mailing list