On 10/01/2010 04:12 PM, Paul B. Gallagher wrote: > NoOp wrote: > >> On 09/30/2010 07:13 PM, Paul B. Gallagher wrote: >>> I recently visited an online site that accepts political contributions >>> for a variety of candidates. I entered my credit card info to make a >>> contribution, printed my receipt, and left. The next time I visited, >>> SeaMonkey had all the credit card info stored and ready to go, which was >>> really scary. I poked around and couldn't find any way to prohibit it >>> from storing info entered in this field or at this site, so I ended up >>> with the heavy-handed solution of purging ALL saved data, which will be >>> a safe inconvenience. >>> >>> I've now disabled this dangerous feature (after ten minutes of searching >>> for the checkbox in the prefs -- it was just as hard to find as last >>> time), because >>> >>> a) It never warned me that it was saving credit card info; >>> >>> b) There seems to be no way to prevent it from saving credit card info >>> -- it sees all form data as equally eligible. >>> >>> c) There seems to be no way to inspect or edit saved data, so I can't >>> even be sure SeaMonkey really did purge the data. >>> >>> As far as I'm concerned, this is a major security hole that should be >>> fixed as soon as possible. >>> >> >> It's Friday afternoon so I apologize as I've not bothered to look >> through every response... On a browser page: >> >> Tools|Clear Private Data (Ctrl-Shift-Del) >> Clear the following items now: >> o Browsing History >> o Location Bar History >> o Download History >> o Saved Form and Search History >> o Cache >> o Cookies >> o Offline Website Data >> o Saved Passwords >> o Authenticated Sessions >> 'Cancel' 'Clear Private Data Now' >> >> Edit|Preferences|Privacy& Security >> Private Data >> etc., etc. >> >> Does that not work for you? > > Yes, a little, but mostly no. > > In addition to a), b), and c) above, I've said elsewhere in this thread: > >> So right now, the only way of preventing the browser from saving cc >> info is to disable the form history feature entirely. That's >> unacceptable (because most users won't do it) and inconvenient >> (because those who are smart enough to do it lose the >> functionality). A bad workaround with the feature enabled is to try >> to remember, each and every time I submit cc info, to clear the form >> history the moment the card is accepted. > > And if I do that, I lose all the other useful but nonsensitive info I've > saved. I might as well just turn the feature off, which is what I've done. >
I actually don't use forms, so I'm taking a SWAG here; Tools|Sqlite Manager might give you some indication/view of the database (formhistory.sqlite) to see if the CC is actually stored there or if the website is storing on their site based on a cookie. You might want to try clearing all cookies, cache (disk and mem) as well as macromedia cookies. Turn off cookies & then revisit the website to see if the info is still available. At least that may eliminate if it is SM or the website. Good luck as I understand the security implications. _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
