Victor Probo wrote:
> Can you be a bit more specific about the definition of "disable PSM"?
> Can you point to any API documentation for this PSM capability? I have
> been surprised about private features of the PSM twice now in 2 weeks.
> One would hope that all of this would be up front, to instill trust.

I can't be sure about what Christian was talking about, but...

I imagine that, if certain HTTP headers are sent with a secure page (e.g. cache: no-store or similar), that PSM won't store form data, because the webserver in question is basically asking it not to.

If Moz (or any other web browser that remembers form data, e.g. MSIE) were to store that data, then it would be relatively easy for other (potentially malicious) people to get at that data in certain circumstances. Most of those circumstances involve you being dumb in some obvious or obscure way, but even uber-super-users make dumb mistakes sometimes.

If that form data contains, for example, your credit card details, or your password to your online banking facility, that one dumb mistake could cost you a substantial amount of money. Many users, in that situation, would probably blame the bank (since all the user knows is that loads of money disappeared from their account, with no idea of how it happened).

Banks don't like this sort of thing happening. Therefore, they want to be able to tell web browsers not to cache certain pages in ANY WAY WHATSOEVER. They will lock browsers out of sites if they don't meet these criteria.

This isn't a "secret deal" between the banks and Mozilla to make your life difficult. It's the banks saying "unless your browser does this, this and this, we're not letting it into our site, because it won't be as secure as we want it to be". And the banks, mostly, want it *SECURE*

-- gav
