Thursday, March 17, 2011

Simple Autocomplete

IRCTC, India's rail ticket booking website, which is meant to be a secure platform for citizens booking their tickets, is missing a few simple security configurations.

One example is that autocomplete is not set to off on their payments page, something most secure web applications do for sensitive pages, starting with the login page. Below is a snapshot.
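As an added example (not part of the original post and not the site's code), the check described above can be automated: the script below parses a page and lists sensitive inputs on which autocomplete is not off, honouring both the form-level attribute and a per-input override. The hint list, the function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: substrings of a field name/id that mark it as sensitive.
SENSITIVE_HINTS = ("card", "cvv", "cvc", "expiry", "passw")

class AutocompleteAudit(HTMLParser):
    """Collect sensitive <input> fields that leave browser autocomplete enabled."""

    def __init__(self):
        super().__init__()
        self.form_off = False  # True while inside <form autocomplete="off">
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute names arrive lower-cased; values may be None
        setting = (a.get("autocomplete") or "").strip().lower()
        if tag == "form":
            self.form_off = setting == "off"
        elif tag == "input":
            name = a.get("name") or a.get("id") or "(unnamed)"
            is_password = (a.get("type") or "text").lower() == "password"
            sensitive = is_password or any(h in name.lower() for h in SENSITIVE_HINTS)
            # A value on the input itself overrides what the form sets.
            off = (setting == "off") if setting else self.form_off
            if sensitive and not off:
                self.findings.append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit(html):
    """Return names of sensitive inputs whose autocomplete is not off."""
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup (not taken from the site discussed in the post).
WEAK_PAGE = """<form action="/pay" method="post">
  <input type="text" name="passengerName">
  <input type="text" name="cardNumber">
  <input type="password" name="cvv">
</form>"""
HARDENED_PAGE = WEAK_PAGE.replace("<form ", '<form autocomplete="off" ')

if __name__ == "__main__":
    print("weak:", audit(WEAK_PAGE))
    print("hardened:", audit(HARDENED_PAGE))
```

Current browsers' password managers may ignore `autocomplete="off"` on login fields, so the attribute is one control for payment fields rather than a guarantee.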

1 comment:

  1. Nice observation! I have seen this website when I was booking the ticket. I think this entire website depends on one DLL (bv60.dll). So do you think it is secure?