do websites retain this?

Discussion in 'privacy problems' started by personguy666, May 12, 2012.

Thread Status:
Not open for further replies.
  1. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    like if you go on a login page of yahoo for example
    and type in something in the "username" box
    but delete it w/o hitting enter.
    does what you typed remain on yahoo servers?
     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    The typical sign-in page contains a simple HTML form where the values of inputs (username, password, and/or other types) are not sent to the server until the form is submitted by clicking the correct button or hitting enter if that is supported. Usually there is a validation step which prevents the form from being submitted unless/until all of the required inputs are set acceptably. IOW, in the most common case what you typed or pasted into the username box before correction would never be sent off your computer.

    However, that basic behavior can be expanded upon to achieve various more complex behaviors. If desired for some reason, a sign-in page can be designed to submit things in a more piecemeal fashion. For example, to update the input options based on what has been entered and submitted thus far. Unless there is some server-based auto-complete function at work, which I wouldn't expect for a username field, I think you'd typically still be OK as long as the username input didn't lose focus and you didn't run into a max length limit. Such events are likely to trigger a handler which could think you are done entering your username and thus go on to send it to the server.

    In order to know what kind of sign-in form you're dealing with you'd have to look at the HTML, script, possibly other things. You could also watch your browser's network traffic and factor that in. If the website supports one of the single sign-on systems, information such as username, your logged-in/logged-out status, etc might be sent to parties above and beyond the website you are interacting with and the exchange of that information may or may not be observable by you.

    I would expect websites especially larger ones to retain login attempt information including username, IP Address, etc for some time. As for the details, they would be known only to those who are intimately familiar with the server side of things including logging and backup strategies.
     
  3. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    I know on some sites, text box entries (such as a username box) are validated on-the-fly using Javascript. That way, it can check the entry against their database so you can know whether or not the username is available before submitting the form. However, I highly doubt the server would retain anything (other than the usual IP address/timestamp info) before you actually submit and confirm and the information you entered to create a new account.
     
  4. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    i'm not talking about a registration page
    i'm talking about a login page.
    does that retained?
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,975
    Location:
    U.S.A.
    personguy666, the answer was provided in the first sentence of TheWindBringeth's post.

    The Yahoo's Login page will not send any info to the server, until you click the Sign In button.
     
  6. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    ok
    but if you fill a box that has the javascript thing
    how long is that kept on servers if it's sent before you submit...
     
  7. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    and do all fields which have reactions after you input have stuff sent to the server?
    so for example the yahoo email sending field?
     
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,975
    Location:
    U.S.A.
    JavaScript Form Validation is not a server side operation, but a client side (browser) operation, so until you click the Sign In or Submit button, none of the info is sent to a server.

    If by reaction, you mean fields being checked via the above JavaScript Form Validation, then the same answer applies: no info is sent to the server until submitted. If you complete the form, and click the button, then yes, the field info is sent to a server to process the form.

    If you read the E-mail Validation section, you'll see that JavaScript only checks the syntax of an email address. After the form is sent, Yahoo will check whether the ID and Password matches their database record. If yes, you are in. If not, you get a message stating either the wrong ID or Password was submitted.
     
  9. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    so above also applies to text fields with an automatic spellcheck, etc. that the website uses right?
     
  10. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,975
    Location:
    U.S.A.
    A spellcheck program is associated with a browser, not a website. JavaScript Form Validations can only check field parameters that a developer has designated.

    Let's keep one item in perspective, and I'll use Wilders as an example. When you type wilders.com in your address bar, your browser retrieves Wilders main page from the server. That page's content (format, graphics, links, etc.) now resides in your browser. If you don't click on anything, whatever you do inside Wilders' main page, the server does not come into play.

    Now, when you click on a llink, you are asking your browser to interact with the Wilders server to download a link's content. And again, that content resides in your browser.

    This is an over simplification of the interaction between a browser and a server, using a simple website like Wilders, yet based on your questions, I thought you should know that just because you see a page in your browser, it does not usually means that the server is connected, watching your every move.
     
  11. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    i dont mean that
    i mean a text field on a website itself
    eg on yahoo answers if you type in it tells you "you have x mistakes"
     
  12. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,975
    Location:
    U.S.A.
    I don't use Yahoo! Answers, so I don't know how if they have a built-in spellchecker, or if they are using your own browser's spellchecker.

    In this How do I ask a question? page, it seems to me that until you click Submit, whatever is typed remains in your browser. However, the Preview function could send info to a server. Perhaps a Wilders member, who has an account with Yahoo! Answers, might respond to your particular inquiry.
     
Thread Status:
Not open for further replies.