[Zope] IE5 form entry horror.

Wolf Logan wolf@searchbutton.com
Wed, 12 May 1999 14:01:51 -0700


i think i have to agree...this is a client security problem, and not one
that can be easily "fixed" from the server side. there are a million
(approximately!) security holes in most web browsers...and most of them
aren't as obvious to the user as this one. if you try to solve client-side
security issues from the server side, you're setting yourself up for a
*huge* chunk of work, most of which will be thankless (and unprofitable).

on the other hand, the autocomplete function only works on fields that are
"visible" to the user...it doesn't work on "password" style fields. that
might be of some help.

-----Original Message-----
From: Alexander Staubo [mailto:alex@mop.no]
Sent: Wednesday, May 12, 1999 8:45 AM

It's a client security problem, not something that hits the server in
any particular way. If the desktop user configured his computer so that
anyone can reclaim his password from the autocomplete list, that's his
problem. You could "fix" Zope, but it wouldn't fix the thousands of
other web sites which also do credit card.

>-----Original Message-----
>From: anthony@nextTelecom.com [mailto:anthony@nextTelecom.com]On Behalf
>Of Anthony Baxter
>Sent: 12. mai 1999 16:38
>
>IE5 appears to have a client-side cache of form entry values - so if
>someone returns to a page, they get a drop-box of previously entered
>values for this form field - this occurs even on a form
>accessed by https.