drewbee Posted February 27, 2008 Share Posted February 27, 2008 Since we all know browsers now a days have a nifty little feature to save the information put into textboxses for later use, I am curious if there is a way to prevent this from happening? I have the need to obtain sensitive data from a user, lets say a credit card. So we have the input box requesting credit card information. The user puts it in and is prompted with the box 'Do you want xxx browser to remember this information'. Lets say our user clicks on the 'remember' button and thus the credit card number is stored in the browser for later use. Should it happen to be a public computer, another person sites down and gets ready to buy something as well and as he/she clicks into the credit card box, a nice little pre-filled out credit card number is ready to go for them. What can be done to prevent this? As far as I know there is no attribute to tell it not to remember this information in specific fields. At best I could randomize the input's name on each page load thus not worrying about what the user puts in. This is simply something to protect users from there own stupidity, and if anyone has any tips, please feel free to share them or your thoughts on this situation! Quote Link to comment Share on other sites More sharing options...
beebum Posted February 28, 2008 Share Posted February 28, 2008 Your desire to protect the user is honorable but most likely futile. I am not aware of anything that can be done on your end to prevent the user from storing his cc# in the browser. You could display a warning telling the user not to do that but beyond that I don't think there is anything else you can do. Quote Link to comment Share on other sites More sharing options...
obsidian Posted February 28, 2008 Share Posted February 28, 2008 What you are asking about is akin to removing all choice from the end user. Keep in mind that the "remember" feature is indeed simply a feature of the browser and can therefore be turned off by the user. Along the same lines, the feature is typically disabled or removed entirely at most public places such as libraries. In addition, most browsers that remember certain features will by default ignore certain name field matches (such as SSN and CC information). Again, this varies from browser to browser as well as what 3rd party form memory application may be installed (such as RoboForm), so there is no way to account for all of them. The desire to protect the user from himself is definitely admirable, but it is something that you cannot always do. Quote Link to comment Share on other sites More sharing options...
drewbee Posted February 28, 2008 Author Share Posted February 28, 2008 Yes; I agree! The only thing I have come up with so far is a textarea. I have not come across a browser that remembers the textarea field. I guess I could format it to look like a input box, remove scrolling etc. Almost more work then what is necessary. But it is a start. Quote Link to comment Share on other sites More sharing options...
Northern Flame Posted February 29, 2008 Share Posted February 29, 2008 You can do this with AJAX. just put your inputs, but dont put them in a <form> tag so that the browser wont remember it. then at the end put in this: <button onClick="ajax_function()"> Send Data </button> then use javascript to save the users inputed information and then send it to a page with PHP, tell that page to process the data and then return the results. Seems like a lot to do, but if you are serious about preventing browsers from saving the data, you might want to consider what i wrote above. Quote Link to comment Share on other sites More sharing options...
haku Posted February 29, 2008 Share Posted February 29, 2008 That will work, but it will cut off anyone who turns off javascript on their system. Quote Link to comment Share on other sites More sharing options...
Northern Flame Posted February 29, 2008 Share Posted February 29, 2008 That will work, but it will cut off anyone who turns off javascript on their system. oh yea thats true, i never thought of that Quote Link to comment Share on other sites More sharing options...
drewbee Posted February 29, 2008 Author Share Posted February 29, 2008 Yup; and at times it may be neccessary to force javascript on in the browser. (Or some type of detection for it). The percentage of people with javascript off isn't too terribly high. I think based off of odds of people with javascript off and who 'save information' and who have it on but use the technique above to avoid saving information reduces that number to a very very small fraction (those who have it off and 'save information') of people. Quote Link to comment Share on other sites More sharing options...
fenway Posted February 29, 2008 Share Posted February 29, 2008 I think IE has an "autocomplete" attribute, but I don't know well this is respected. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.