NoOp wrote:
On 09/30/2010 07:13 PM, Paul B. Gallagher wrote:
I recently visited an online site that accepts political contributions
for a variety of candidates. I entered my credit card info to make a
contribution, printed my receipt, and left. The next time I visited,
SeaMonkey had all the credit card info stored and ready to go, which was
really scary. I poked around and couldn't find any way to prohibit it
from storing info entered in this field or at this site, so I ended up
with the heavy-handed solution of purging ALL saved data, which will be
a safe inconvenience.
I've now disabled this dangerous feature (after ten minutes of searching
for the checkbox in the prefs -- it was just as hard to find as last
time), because
a) It never warned me that it was saving credit card info;
b) There seems to be no way to prevent it from saving credit card info
-- it sees all form data as equally eligible.
c) There seems to be no way to inspect or edit saved data, so I can't
even be sure SeaMonkey really did purge the data.
As far as I'm concerned, this is a major security hole that should be
fixed as soon as possible.
It's Friday afternoon so I apologize as I've not bothered to look
through every response... On a browser page:
Tools|Clear Private Data (Ctrl-Shift-Del)
Clear the following items now:
o Browsing History
o Location Bar History
o Download History
o Saved Form and Search History
o Cache
o Cookies
o Offline Website Data
o Saved Passwords
o Authenticated Sessions
'Cancel' 'Clear Private Data Now'
Edit|Preferences|Privacy& Security
Private Data
etc., etc.
Does that not work for you?
Yes, a little, but mostly no.
In addition to a), b), and c) above, I've said elsewhere in this thread:
So right now, the only way of preventing the browser from saving cc
info is to disable the form history feature entirely. That's
unacceptable (because most users won't do it) and inconvenient
(because those who are smart enough to do it lose the
functionality). A bad workaround with the feature enabled is to try
to remember, each and every time I submit cc info, to clear the form
history the moment the card is accepted.
And if I do that, I lose all the other useful but nonsensitive info I've
saved. I might as well just turn the feature off, which is what I've done.
--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
