18/02/2008, 14:03   #8
Danish
Re: Website Security - Preventing Users storing their login details in their browser...

On Feb 14, 8:59pm, Tony <nos...@example.com> wrote:
> Toby A Inkster wrote:
>
> > Firstly, think very carefully before attempting to do such a thing.
> > Browsers offer this facility because people like this facility. If you
> > attempt to disable it, chances are you'll just annoy your visitors. If
> > you're not a bank, or offering access to people's medical records, or
> > safeguarding the launch codes for some nation's nuclear missiles, then
> > it's probably better to just live with autocomplete -- don't try to work
> > your way around it.
> >
> > Bear in mind that having working autocomplete allows the user to choose
> > very long and hard-to-remember passwords, safe in the knowledge that they
> > don't need to type them very often. If you disable autocomplete, users may
> > be tempted to choose shorter, easier to type passwords. So disabling
> > autocomplete could paradoxically make your site *less* secure!
> >
> > If you have thought about this, and are really sure you want to disable
> > autocomplete, then the trick is to add 'autocomplete="off"' to all the
> > <input> elements for which you wish to disable the feature. This is a
> > proprietary Microsoft attribute, so it will make your HTML invalid, but it
> > should do the trick most of the time -- and not just for Internet
> > Explorer, as most other browser vendors have adopted it too.
>
> Not tested, but pretty sure it would work: Add a generated timestamp or
> random string to the input name:
> <input type="password" name="password_74234915">
>
> That said, I completely agree with the other comments - I probably
> wouldn't bother to use the site. It's a pretty sure-fire way to lose users..


If I do end up taking this approach how would my program know what
field name to expect? Store the name in a ? Oh, I suppose a
hidden field with the name in it would do the trick. Or did you have
another solution in mind?
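
One way to handle the question raised in this post, as an added example that is not code from the thread: generate the random field name when the form is rendered, keep it in the server-side session, and read the password back by that name on submit. The session dict, `SESSION_KEY`, the `/login` action and the function names are assumptions of this example.

```python
import html
import secrets

SESSION_KEY = "pw_field"  # hypothetical session key, an assumption of this example


def render_login_form(session: dict) -> str:
    """Issue a fresh password field name and remember it server-side."""
    field = "password_" + secrets.token_hex(8)
    session[SESSION_KEY] = field
    return (
        '<form method="post" action="/login">\n'
        '  <input type="text" name="username" autocomplete="off">\n'
        f'  <input type="password" name="{html.escape(field)}" autocomplete="off">\n'
        '  <input type="submit" value="Log in">\n'
        "</form>"
    )


def read_password(session: dict, posted: dict):
    """Return the submitted password, or None if the form is stale or altered."""
    # pop() makes the name single-use: a replayed or cached form is rejected
    field = session.pop(SESSION_KEY, None)
    if field is None:
        return None
    value = posted.get(field)
    return value if value else None


def demo():
    session = {}  # stands in for the framework's per-user server-side session
    form = render_login_form(session)
    field = session[SESSION_KEY]
    posted = {"username": "alice", field: "correct horse"}  # constructed POST data
    first = read_password(session, posted)   # name matches the session
    second = read_password(session, posted)  # same form replayed
    return form, field, first, second


if __name__ == "__main__":
    form, field, first, second = demo()
    print(form)
    print("first submit:", first, "| replayed submit:", second)
```

Because the name lives in the session, the handler never has to trust a field name supplied by the client; a hidden field carrying the name would also work, since the name itself is not a secret.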
