[whatwg] [WF2] Objection to autocomplete Attribute

Lachlan Hunt wrote:
> Ian Hickson wrote:
>>Web authors have, IMHO, a legitimate reason to try to protect their users
>>from mis-configured public terminals.
> 
> This issue could be addressed by making user agents much easier to 
> configure for public terminals.  eg. The user agent vendor could provide 

It's not just user agents that *must* be configured for public 
terminals. It doesn't matter if the UA is "?beragent for public 
terminals 2.15" if any user can install additional software to that 
given public terminal. If any user can mess with the settings of the 
user agent (turn the "autocomplete" support off so that every field 
is remembered), they probably can also *replace* the whole user 
agent with a lookalike - and perhaps that lookalike doesn't just 
remember stuff, but instead sends information to remote storage 
immediately.

> The point is that there should be *no reason* for an 
> author to take on the responsibility of the user/system administrator 
> and the user agent vendor.

My thoughts exactly. If you cannot *trust* the administrator of a 
public terminal, you cannot handle any sensitive data with it. 
Period. No matter if user agent supports autocomplete attribute or not.

As an web application author I consider every HTTP request as 
hostile unless proven otherwise. Always assume every bit that comes 
from UA is forged. You cannot write secure application otherwise.

I think the whole "required" autocomplete feature is just some banks 
turning their backs to the real problem. So that if they end up in 
court, they can claim that they did their best and the whole problem 
is user agent verdor's fault.

My bank uses one-shot passwords for web access - it really doesn't 
matter if browser remembers the already used one.

-- 
Mikko

Received on Tuesday, 29 March 2005 01:39:46 UTC