Don't need no credit card to ride this train
An question about web forms and security...
When filling in forms (I use FireFox), it's often possible to hit the down arrow and get a list of things you previously typed into that field. This is kind of handy, mostly, and results in me not having to type my name or email address out a lot.
Forms taking things like credit card details don't usually do this - for obvious reasons - and I assume the existence of some sort of 'nocache' attribute which the form-writer can set on the fields which contain information which should be a little more secure.
Except today I filled in an entire payment form (card number, expiry date, security code, the lot) from cached information based on me having filled the same form out on that website months ago. This strikes me as Not Good.
I intend to write to the site in question and tell them I think they're a bit rubbish... but I'd like to be sure I know what I'm talking about first. Am I right about the form attribute ? Am I totally wrong, and this is something which FireFox implements wrongly and the site itself can't be blamed for ?
Informed opinion welcome :)
When filling in forms (I use FireFox), it's often possible to hit the down arrow and get a list of things you previously typed into that field. This is kind of handy, mostly, and results in me not having to type my name or email address out a lot.
Forms taking things like credit card details don't usually do this - for obvious reasons - and I assume the existence of some sort of 'nocache' attribute which the form-writer can set on the fields which contain information which should be a little more secure.
Except today I filled in an entire payment form (card number, expiry date, security code, the lot) from cached information based on me having filled the same form out on that website months ago. This strikes me as Not Good.
I intend to write to the site in question and tell them I think they're a bit rubbish... but I'd like to be sure I know what I'm talking about first. Am I right about the form attribute ? Am I totally wrong, and this is something which FireFox implements wrongly and the site itself can't be blamed for ?
Informed opinion welcome :)