Idea off the top of my head - please tell me why it won't work.
Could we parse all form submissions over unencrypted channels and put up an alert ("You _really_ don't want to do this!") if any of the fields was a sixteen-digit number which passed the credit-card-number checksum algorithm?
A credit card number can be as long as 19 digits: 6 for the issuer, 12 for the account number and 1 for the checksum.
OK, so some places have four boxes for four digits each, but with clever coding, we might be able to catch that version too.
Gerv
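The check proposed in this thread, sketched as an added example (not part of the original messages and not Mozilla code): a Luhn test over the values of a form about to be submitted, covering both a single field and a number split across adjacent boxes, for lengths of 16 to 19 digits. The function names, field names and sample values are assumptions constructed for illustration.

```javascript
// Luhn checksum: from the rightmost digit, double every second digit,
// subtract 9 from any result above 9, and require the total to be 0 mod 10.
function luhnValid(digits) {
  let sum = 0;
  let dbl = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    dbl = !dbl;
  }
  return sum % 10 === 0;
}

// Strip the separators people type (spaces, dashes), then apply the
// length window from the thread (16 to 19 digits) and the checksum.
function looksLikeCardNumber(text) {
  const digits = text.replace(/[ -]/g, "");
  return /^\d{16,19}$/.test(digits) && luhnValid(digits);
}

// fields: [{name, value}] in document order. Joins runs of adjacent
// digit-only fields so the "four boxes of four digits" layout is caught.
// Returns one array of field names per match.
function findCardFields(fields) {
  const hits = [];
  for (let i = 0; i < fields.length; i++) {
    let joined = "";
    for (let j = i; j < fields.length; j++) {
      const part = fields[j].value.replace(/[ -]/g, "");
      if (!/^\d+$/.test(part)) break; // run of numeric boxes ends here
      joined += part;
      if (joined.length > 19) break;  // too long to be a card number
      if (looksLikeCardNumber(joined)) {
        hits.push(fields.slice(i, j + 1).map((f) => f.name));
      }
    }
  }
  return hits;
}

// Warn only when the form target is plain HTTP and a field matches.
function shouldWarn(actionUrl, fields) {
  const insecure = new URL(actionUrl).protocol === "http:";
  return insecure && findCardFields(fields).length > 0;
}
```

A checksum match is only a heuristic: about one in ten random digit strings of the right length passes it, so other long numeric fields will sometimes trigger the alert.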