Saturday, April 02, 2011

Quis custodiet ipsos custodes?

Defensoría del Consumidor is the institution that protects consumer rights in commercial transactions. You can file a complaint by telephone or through an online form. The latter requires prior registration. It's free! However, it's neither easy nor secure.

As you can see, the online form is composed of various sections. Each one is reachable at any time while filling out the form. Some validations are enforced when you try to navigate away from certain pages.




While it's pretty obvious that an ASP.NET session is being handled (hint: a Sesame Street character craves these ;-) ), the design during this navigation is flawed. Parameters are passed through simple HTML. I actually typed "meinpassword" as my chosen password in two password-type text fields.




As a user, this poses a risk if you're on a public computer or network. Your password travels along the network via HTTP (no "S" here, sorry), and it will be saved in the browser's history. The user is never warned of this risk. So, who could prevent identity theft? Is there a public institution that audits these services?
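A reviewer can check a page for this class of flaw before it ships. The following is an added example, not code from the site or from this post: it flags any form with a password field that submits by GET or to a non-HTTPS target. The sample markup, URLs and field names are constructed, and it assumes the password reaches the history because it travels in the URL query string.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page (hypothetical URLs and field names, not the real site).
SAMPLE_URL = "http://forms.example.test/register.aspx"
SAMPLE_HTML = """
<form action="step2.aspx" method="get">
  <input type="text" name="user"><input type="password" name="pwd">
</form>
<form action="https://forms.example.test/login.aspx" method="post">
  <input type="password" name="pwd">
</form>
<form action="search.aspx"><input type="text" name="q"></form>
"""

class FormAuditor(HTMLParser):
    """Records issues for every <form> that contains a password input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = None       # form currently open, if any
        self.findings = []     # list of (resolved_action_url, [issues])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing action targets the page itself; a missing method is GET.
            self.form = {"action": urljoin(self.page_url, a.get("action") or ""),
                         "method": (a.get("method") or "get").lower(),
                         "has_password": False}
        elif (tag == "input" and self.form is not None
              and (a.get("type") or "").lower() == "password"):
            self.form["has_password"] = True

    def handle_endtag(self, tag):
        if tag != "form" or self.form is None:
            return
        f, self.form = self.form, None
        issues = []
        if f["has_password"] and f["method"] == "get":
            issues.append("password in URL query string (history, logs, Referer)")
        if f["has_password"] and urlsplit(f["action"]).scheme != "https":
            issues.append("password submitted over cleartext HTTP")
        if issues:
            self.findings.append((f["action"], issues))

def audit(html, page_url):
    """Return the findings for one page's HTML, resolved against its URL."""
    parser = FormAuditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `audit(SAMPLE_HTML, SAMPLE_URL)` reports only the first form; the POST-over-HTTPS login form and the search form without a password field pass.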

We need protection from the protectors.
