- From: Gavin Sharp <gavin@gavinsharp.com>
- Date: Wed, 1 Oct 2014 16:34:19 -0700
- To: Peter Kasting <pkasting@google.com>
- Cc: Dan Poltawski <dan@moodle.com>, WHATWG <whatwg@lists.whatwg.org>
On Wed, Oct 1, 2014 at 4:17 PM, Peter Kasting <pkasting@google.com> wrote: > So, you're doing both of the following? > * Using a password field for (sometimes) things that aren't passwords > * Storing (potentially) sensitive data in the clear yourself, and sending > it (again, in the clear) to other accounts/machines I probably shouldn't speak for Dan, but I think you're misunderstanding the use case here (particularly with characterization #2). The data being intentionally stored in these fields is not "sensitive", in the sense that it can't be shared in the clear to other users (teachers), it just needs to not be displayed on the screen (where it can be viewed by students). That browsers now automatically go fill in sensitive data (passwords) into these password fields is the issue, because people might not notice that happening and then submit the form. Gavin
Received on Wednesday, 1 October 2014 23:34:51 UTC