![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
ventaAn question about web forms and security...
When filling in forms (I use FireFox), it's often possible to hit the down arrow and get a list of things you previously typed into that field. This is kind of handy, mostly, and results in me not having to type my name or email address out a lot.
Forms taking things like credit card details don't usually do this - for obvious reasons - and I assume the existence of some sort of 'nocache' attribute which the form-writer can set on the fields which contain information which should be a little more secure.
Except today I filled in an entire payment form (card number, expiry date, security code, the lot) from cached information based on me having filled the same form out on that website months ago. This strikes me as Not Good.
I intend to write to the site in question and tell them I think they're a bit rubbish... but I'd like to be sure I know what I'm talking about first. Am I right about the form attribute ? Am I totally wrong, and this is something which FireFox implements wrongly and the site itself can't be blamed for ?
Informed opinion welcome :)
When filling in forms (I use FireFox), it's often possible to hit the down arrow and get a list of things you previously typed into that field. This is kind of handy, mostly, and results in me not having to type my name or email address out a lot.
Forms taking things like credit card details don't usually do this - for obvious reasons - and I assume the existence of some sort of 'nocache' attribute which the form-writer can set on the fields which contain information which should be a little more secure.
Except today I filled in an entire payment form (card number, expiry date, security code, the lot) from cached information based on me having filled the same form out on that website months ago. This strikes me as Not Good.
I intend to write to the site in question and tell them I think they're a bit rubbish... but I'd like to be sure I know what I'm talking about first. Am I right about the form attribute ? Am I totally wrong, and this is something which FireFox implements wrongly and the site itself can't be blamed for ?
Informed opinion welcome :)
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2010-06-08 10:57 am (UTC)I believe it is to be included in HTML 5.
no subject
Date: 2010-06-08 11:04 am (UTC)I had this revelation once shortly after the Netscape "extensions" to HTML first came out. At first I thought they were evil. Then I realised it didn't matter whether they were evil or not, because individual web developers were free to use them or not as they chose and therefore they were an instant de-facto standard on account of being useful. (Whether Netscape themselves were evil for adding them in the first place is a more complex matter...)
no subject
Date: 2010-06-08 11:10 am (UTC)no subject
Date: 2010-06-08 11:13 am (UTC)no subject
Date: 2010-06-08 11:14 am (UTC)no subject
Date: 2010-06-08 11:15 am (UTC)no subject
Date: 2010-06-08 11:15 am (UTC)(Although... isn't JavaScript considered a bit web!satanic by such persons? I'm a bit out of touch.)
no subject
Date: 2010-06-08 11:13 am (UTC)I agree, I'm perfectly happy to use de facto standards myself; I figure that's between me and my users. But I can sympathize with the pained expression that some people develop when they see such things.
no subject
Date: 2010-06-08 11:07 am (UTC)HTML 5 is one of those more final than it ought to be working drafts :-)