[whatwg] [WF2] Objection to autocomplete Attribute
Mikko Rantalainen
mikko.rantalainen at peda.net
Tue Mar 29 01:39:46 PST 2005
Lachlan Hunt wrote:
> Ian Hickson wrote:
>>Web authors have, IMHO, a legitimate reason to try to protect their users
>>from mis-configured public terminals.
>
> This issue could be addressed by making user agents much easier to
> configure for public terminals. eg. The user agent vendor could provide
It's not just user agents that *must* be configured for public
terminals. It doesn't matter if the UA is "Überagent for public
terminals 2.15" if any user can install additional software to that
given public terminal. If any user can mess with the settings of the
user agent (turn the "autocomplete" support off so that every field
is remembered), they probably can also *replace* the whole user
agent with a lookalike - and perhaps that lookalike doesn't just
remember stuff, but instead sends information to remote storage
immediately.
> The point is that there should be *no reason* for an
> author to take on the responsibility of the user/system administrator
> and the user agent vendor.
My thoughts exactly. If you cannot *trust* the administrator of a
public terminal, you cannot handle any sensitive data with it.
Period. No matter if user agent supports autocomplete attribute or not.
As an web application author I consider every HTTP request as
hostile unless proven otherwise. Always assume every bit that comes
from UA is forged. You cannot write secure application otherwise.
I think the whole "required" autocomplete feature is just some banks
turning their backs to the real problem. So that if they end up in
court, they can claim that they did their best and the whole problem
is user agent verdor's fault.
My bank uses one-shot passwords for web access - it really doesn't
matter if browser remembers the already used one.
--
Mikko
More information about the whatwg
mailing list