233340 - [meta] Password Manager: should exclusively store passwords from URLs

Status: RESOLVED INVALID

(SeaMonkey :: Passwords & Permissions, defect)

Description

[benc]

(dup checked before filing)
choffman made an interesting point today:

all passwords should be stored in password manager.

This bug is a tracking bug for that idea, as far as passwords in URL's go.

Please do not link up bugs that have to do w/ other features, this is passwords
in URLs ONLY.

---
As far as implementation, I think the general idea is that we need to be
trapping entry points where passwords are used, and making sure password manager
is called for storage, while removing the password from the URLs. This would
prevent the propgration of URL's w/ passwords (into history, into bookmarks, as
forwarded mail, into client generated content, etc.)

Comment 1

[Christian :Biesinger (don't email me, ping me on IRC)]

what if password manager is disabled? I don't think people would be happy if
they couldn't follow links on (non-anonymous) ftp servers with pw mgr disabled...

Comment 2

[Daniel Veditz [:dveditz]]

We should make sure password manager gets a crack at storing these, but only in
the same way it ever does -- if not disabled it asks the user whether they want
to store the password or not. We can't make it mandatory (shared machines, super
sekret passwords, kiosk set ups, etc.).

Comment 3

[benc]

ostgote@gmx.net found some more...

Comment 4

[Justin Dolske [:Dolske]]

Old bug with unclear purpose --> INVALID.