Thursday, January 05, 2006

Quick thought before bed

I've heard it said that the biggest security hole in any system is the one between the keyboard and the chair. People (or at least a lot of people) need to be kinda protected from themselves. Particularly when it comes to 'all that technical stuff' like computers. Which is a shame, considering how ubiquitous they've become.

Here's a really tiny thought, but one that only occurred to me today.

Would it really be that hard to have a header or a flag or something on a web page that told the browser that under no circumstances should they cache, autocomplete, or in any way retain on the computer and values put into a form?

Just occurred to me today when Firefox autocompleted my bank details and password when I was paying some bills online.

Don't get me wrong, most of the websites I go to that need authentication have their username and passwords autocompleted. I love it. I'm even right down with Firefox's domain-level password remembering stuff (so if your site of choice puts its session ID in the URL, it'll still complete your details). But there are just some places that I really don't want to be able to do it, event if I wanted to!

PS - Yes, it's fixed now. I was in a rush one time to see my bank statement for various reasons, working on a brand new machine that I hadn't configured yet, so that's why all the details were there. But very few people I know even know how to clear their saved passwords.

Just wanted to share. I'm off to bed.

No comments: