Beauregard T. Shagnasty wrote:
Paul B. Gallagher wrote:

... I poked around and couldn't find any way to
prohibit it from storing info entered in this field or at this site,
so I ended up with the heavy-handed solution of purging ALL saved
data, which will be a safe inconvenience.

I've now disabled this dangerous feature (after ten minutes of
searching for the checkbox in the prefs -- it was just as hard to
find as last time), because

a) It never warned me that it was saving credit card info;

It wasn't.

Why make false statements?  (Even if the browser doesn't _know_ that it
was saving credit card info, it was saving credit card info, just as
Paul wrote.)

> It merely saves formfield data. It doesn't know it's a credit
> card. It's just text to the browser.
> ...


c) There seems to be no way to inspect or edit saved data, so I can't
even be sure SeaMonkey really did purge the data.

You could check by revisiting the site and see if your data shows up on
the form.

That depends on that site's still being accessible and still being
the same.  Being able to check your saved data shouldn't depend on
something external like that.



As far as I'm concerned, this is a major security hole that should be
fixed as soon as possible.

If saving form data was removed, a lot of folks would be unhappy. It's
not a security "hole" and the behaviour will not be altered.

Not being able to see your data reasonably is a security risk.  (If you
don't know what's in it, you can't know what level of protection you
really want to apply to it, and you can't remove data that's more
sensitive than the level of protection you have.)


Why are you assuming that the only solution is to completely remove
the feature of saving form data and summarily declaring that behavior
won't be altered, period (full stop)?

Why not consider solutions that would keep the feature (saving and
re-using the data) but let users review what data is stored?

(Even if the value of a detailed review-and-editing GUI is not worth
the effort required, a simple view-only page would at least let someone
like Paul know whether there was any sensitive data stored or not,
and he could avoid purging all the saved data when he thinks he _might_
have some sensitive data in there but can see and confirm that he
actually doesn't.)


Daniel





_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
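A view-only check of the kind Daniel describes, as an added example that is not part of the original thread and is not SeaMonkey's own code. It assumes the profile keeps form history in a SQLite file with a `moz_formhistory` table that has `fieldname` and `value` columns (as `formhistory.sqlite` does in later Mozilla-based profiles); the function names and sample rows are constructed for illustration.

```python
import pathlib
import re
import sqlite3

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def looks_like_card(value: str) -> bool:
    """Flag values of 13-19 digits (spaces/dashes allowed) that pass Luhn."""
    if not re.fullmatch(r"[0-9 \-]+", value):
        return False
    digits = re.sub(r"[^0-9]", "", value)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)

def audit_form_history(db_path: str):
    """Open the file read-only; return (fieldname, shown value, flagged) rows."""
    uri = pathlib.Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)    # mode=ro: the audit cannot modify the data
    try:
        rows = con.execute(
            "SELECT fieldname, value FROM moz_formhistory ORDER BY fieldname"
        ).fetchall()
    finally:
        con.close()
    report = []
    for field, value in rows:
        value = value or ""
        flagged = looks_like_card(value)
        # Mask flagged values so the report itself does not expose them.
        shown = "*" * (len(value) - 4) + value[-4:] if flagged else value
        report.append((field, shown, flagged))
    return report

def make_sample_db(path: str) -> None:
    """Constructed sample data (simplified schema); 4111... is a test card number."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE moz_formhistory (fieldname TEXT, value TEXT)")
    con.executemany("INSERT INTO moz_formhistory VALUES (?, ?)", [
        ("cc_number", "4111 1111 1111 1111"),
        ("q", "seamonkey form history"), ("zip", "12345")])
    con.commit()
    con.close()
```

Run it against a copy of the profile's form history file with the browser closed, since the browser may hold a lock on the live file.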