Knowledge Base
Community

Security flaw in website

Started by: stramash
On: 21/06/2010 | 12:46
Replies: 6
Reply

Go to best answer
by: stramash
on: 21/06/2010 | 12:46

Hi all,

 

I just topped-up using Firefox on Ubuntu. My friend had previously used his card to top me up and I gave him the cash (three weeks ago). Worryingly all his details that had been typed were available as auto-complete entries. Other than the two drop-down boxes (for expiry date and card type) all his details had been stored. AFAIK this can be fairly easily fixed so that the fields do not allow auto-completion.

 

This should be fixed as a matter of urgency.

 

Cheers,

Life's a beach...

Smiley Very Happy
Message 1 of 7
1 BEST ANSWER

Accepted Solutions
Highlighted
by: xmob
on: 21/06/2010 | 14:03

The auto-complete is a browser thing, NOT this website.

 

More details on this, and how to stop/clear it can be found here.

Message 3 of 7
by: hg
on: 21/06/2010 | 13:47 edited: 21/06/2010 | 13:52

 


@stramash wrote:

 

I just topped-up using Firefox on Ubuntu. My friend had previously used his card to top me up and I gave him the cash (three weeks ago). Worryingly all his details that had been typed were available as auto-complete entries. Other than the two drop-down boxes (for expiry date and card type) all his details had been stored. AFAIK this can be fairly easily fixed so that the fields do not allow auto-completion.

 


 

Are you sure the auto-complete option you are referring to is not set as a user option in your own browser, or linked software ?


You might want to double-check that.

 

After that, there is an option for giffgaff to remember your credit card details, or not, when you create your account.  If that option has been selected, you may need to Ask an agent because I seem to remember we were told that it was currently not possible to "unremember" card details which had been stored that way.

 

Regards

 

hg

 

Message 2 of 7
Highlighted
by: xmob
on: 21/06/2010 | 14:03

The auto-complete is a browser thing, NOT this website.

 

More details on this, and how to stop/clear it can be found here.

Message 3 of 7
by: stramash
on: 21/06/2010 | 17:24

Fair enough but I thought it was possible to stop auto-completion by seting an attribute of the field. for example my online banking site never autocompletes my user name. Is this possible in PHP?

Life's a beach...

Smiley Very Happy
Message 4 of 7
by: xmob
on: 21/06/2010 | 21:36

There is an autocomplete="off" attribute, but it's not standards compliant.

Message 5 of 7
by: stramash
on: 22/06/2010 | 17:52

Yeah I had a look at it, there are a few issues

 

Life's a beach...

Smiley Very Happy
Message 6 of 7
by: omondisingh
on: 30/06/2010 | 07:50

I think its ur brower..im pretty sure u can turn it off

Message 7 of 7