[Cryptography] Of web form passwords etc

Ray Dillinger bear at sonic.net
Mon Dec 29 13:27:22 EST 2014



On 12/29/2014 08:17 AM, Dave Horsfall wrote:
> There's been a bit of discussion about this, so here's one more item to 
> throw into the stew-pot.
> 
> We've all seen those forms where the name is pre-filled (cookies, etc), and 
> you merely have to supply a password, right?  All well and good, I 
> suppose, as it enhances my web experience, etc.
> 
> Well, I'm starting to see the opposite: password field filled in, and all 
> I have to do is supply, say, my email address...
> 
> Am I paranoid enough, yet?  My current browser is Firefox (always updated) 
> on a Mac (similarly always updated).
> 

This isn't the cookies/remote website etc, this is Firefox
being "helpful."  It keeps a cache for repetitive forms you
fill out, indexed by the fieldname of the entry box and the
URL of the site.

It will politely ask whether you want it to store your
password for this site before storing something for a
fieldname of "password" or "Password" etc, but if the
field is named something else, it's just another string....

				Bear
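
An added example, not part of the original post: a static check a site owner could run over their own form markup to find secret-looking fields that a browser would treat as "just another string". It assumes that only `type="password"` inputs get password handling and that `autocomplete="off"` on the field or its form opts it out of form history; the name hints and the sample HTML are constructed.

```python
import re
from html.parser import HTMLParser

# Constructed name fragments that suggest a secret (assumption; "pin" also hits "shipping").
SECRET_HINT = re.compile(r"pass|pwd|pin|secret|token|otp|cvv", re.I)
# Input types whose values are free text that a browser may remember.
TEXT_TYPES = {"text", "tel", "number", "email", "search", "url"}

class FormAudit(HTMLParser):
    """Collect inputs that look secret but are submitted as ordinary text."""
    def __init__(self):
        super().__init__()
        self.form_off = False  # inside <form autocomplete="off">?
        self.findings = []     # (field name, input type)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        ac = a.get("autocomplete", "").lower()
        if tag == "form":
            self.form_off = ac == "off"
        elif tag == "input":
            name = a.get("name") or a.get("id") or ""
            itype = a.get("type", "").lower() or "text"  # missing type means text
            opted_out = ac == "off" or (self.form_off and ac != "on")
            if itype in TEXT_TYPES and SECRET_HINT.search(name) and not opted_out:
                self.findings.append((name, itype))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit(html):
    parser = FormAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample markup, not taken from any real site.
SAMPLE = """
<form action="/login"><input type="email" name="email"><input type="password" name="password"></form>
<form action="/verify">
  <input name="UserPasscode">
  <input type="text" name="card_pin" autocomplete="off">
  <input type="tel" name="otp_code">
</form>
<form action="/reset" autocomplete="off"><input type="text" name="secret_answer"></form>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each finding is a field to switch to `type="password"` or mark `autocomplete="off"`.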
