Closed Bug 514125 Opened 14 years ago Closed 14 years ago

Heuristically detect credit card numbers and don't save them in form memory

Categories

(Toolkit :: Form Manager, enhancement)

Product:
Toolkit
Component:
Form Manager
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 188285

People

(Reporter: zwol, Unassigned)

Details

It might improve user security to avoid saving credit card numbers in the form autocomplete memory.  The primary benefit I see is that malware running on the  computer could not trawl the database for such numbers.  It might also help in situations where a computer is casually shared (i.e. nobody has bothered to set up profile or user-account isolation or history clearing on exit), such as a family computer where the parents would really rather their 12-year-old child not buy things online without permission.

There's no surefire way to detect credit card numbers, but we could do heuristics on the field name and/or <label> (look for "credit", "card", "account", etc), and we could also simply avoid remembering 20-digit numbers that obey the credit-card-number checksum rule.
I do agree with you, but this is a long old dupe.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.