- From: Mikko Rantalainen <mikko.rantalainen@peda.net>
- Date: Tue, 29 Mar 2005 12:39:46 +0300
Lachlan Hunt wrote:
> Ian Hickson wrote:
>>Web authors have, IMHO, a legitimate reason to try to protect their users
>>from mis-configured public terminals.
>
> This issue could be addressed by making user agents much easier to
> configure for public terminals. eg. The user agent vendor could provide

It's not just user agents that *must* be configured for public terminals. It doesn't matter if the UA is "Überagent for public terminals 2.15" if any user can install additional software to that given public terminal. If any user can mess with the settings of the user agent (turn the "autocomplete" support off so that every field is remembered), they probably can also *replace* the whole user agent with a lookalike - and perhaps that lookalike doesn't just remember stuff, but instead sends information to remote storage immediately.

> The point is that there should be *no reason* for an
> author to take on the responsibility of the user/system administrator
> and the user agent vendor.

My thoughts exactly. If you cannot *trust* the administrator of a public terminal, you cannot handle any sensitive data with it. Period. No matter if the user agent supports the autocomplete attribute or not.

As a web application author I consider every HTTP request as hostile unless proven otherwise. Always assume every bit that comes from the UA is forged. You cannot write a secure application otherwise.

I think the whole "required" autocomplete feature is just some banks turning their backs to the real problem. So that if they end up in court, they can claim that they did their best and the whole problem is the user agent vendor's fault. My bank uses one-shot passwords for web access - it really doesn't matter if the browser remembers the already used one.

--
Mikko
Received on Tuesday, 29 March 2005 01:39:46 UTC
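
The point about one-shot passwords in the message above, as an added example that is not part of the original post: a server-side sketch in which each code is burned on first use, so a value a browser remembered and resubmits is rejected, and every submitted field is validated as untrusted input. The class, its method names and the 8-digit code format are assumptions for illustration, not any bank's scheme.

```python
import hashlib
import hmac
import secrets


class OneShotPasswords:
    """Server-side store of single-use login codes (hypothetical design)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # server secret for HMAC
        self._unused = {}                     # user -> set of code digests

    def _digest(self, user, code):
        msg = user.encode() + b"\x00" + code.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user, count=5):
        """Generate `count` codes; return them for out-of-band delivery."""
        codes = [f"{secrets.randbelow(10**8):08d}" for _ in range(count)]
        self._unused.setdefault(user, set()).update(
            self._digest(user, c) for c in codes)
        return codes

    def verify(self, user, code):
        """Accept a code once; the request is treated as forged until proven."""
        if not isinstance(user, str) or not isinstance(code, str):
            return False
        if len(code) != 8 or not (code.isascii() and code.isdigit()):
            return False
        candidate = self._digest(user, code)
        match = None
        for stored in self._unused.get(user, ()):
            if hmac.compare_digest(stored, candidate):  # constant-time compare
                match = stored
        if match is None:
            return False
        self._unused[user].discard(match)     # burn the code on first use
        return True


def demo():
    store = OneShotPasswords()
    codes = store.issue("alice")              # constructed sample user
    first = store.verify("alice", codes[0])   # legitimate login
    replay = store.verify("alice", codes[0])  # remembered value resubmitted
    forged = store.verify("alice", "not-a-code")
    return first, replay, forged
```
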