Closed
Bug 52616
Opened 24 years ago
Closed 23 years ago
Distinguish between basic authentication and proxy auth. dialogs
Categories
(Core :: Networking: HTTP, enhancement, P3)
Core
Networking: HTTP
Tracking
()
Future
People
(Reporter: Matt.Behrens, Assigned: darin.moz)
References
Details
(Keywords: arch)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; m18) Gecko/20000913 BuildID: 2000091317 Currently authentication dialogs for proxy servers and for authenticating to web sites are identical. This might be a potential security risk, since a user may enter his proxy server username/password in response to an auth request from a web site. Admittedly this may be a social problem rather than a real, live security issue but I see it as valid. Communicator 4.7 (at least, probably more) properly stated in its dialog that it wanted proxy credentials when it was given a proxy authentication request. IE (or at least the version I have handy) currently does *not* do this, though they should.
Updated•24 years ago
|
Adam I am hoping this is another bug similar to 50682...
Assignee: hangas → adamlock
Yes I think it is. I'm marking it a duplicate. *** This bug has been marked as a duplicate of 50682 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 3•24 years ago
|
||
No, this is not related to bug 50682. A much closer cousin is bug 38008. Let me try to clarify: In NC4, you get password dialogs when HTTP calls for it. If a password is required for proxy access, the dialog looks like this: [ Username and Password Required [X] ] Proxy authentication required for www.example.com at proxyhost:80: User Name: [ ] Password: [ ] [ OK ] [ Cancel ] |___________________________________________________| However, if the password is required for Basic authentication on a site realm, the dialog looks like this: [ Username and Password Required [X] ] Enter username for Basic Authentication Realm at www.example.com: User Name: [ ] Password: [ ] [ OK ] [ Cancel ] |___________________________________________________| By contrast, Mozilla (or did, I have not tried recent builds, too busy) currently shows a dialog that does not allow the user to distinguish whether he is issuing a username and password for a proxy server or for a site realm. This could result in a user inadvertently issuing his proxy username and password to a remote site, which could result in local server compromise.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Updated•24 years ago
|
Assignee: adamlock → gagan
Status: REOPENED → NEW
Component: User Interface: Design Feedback → Networking
OS: Windows NT → All
QA Contact: mpt → tever
Hardware: PC → All
Summary: proxy server auth dialog should say what it is → Distinguish between basic authentication and proxy auth. dialogs
Comment 4•24 years ago
|
||
Ah, I see. Not Adam's bug then. -->Networking. Ideally we want different titles (`Authentication required' vs. `Proxy authentication required'), different labels for the server name (`Server:' vs. `Proxy:'), and maybe even different icons too.
Comment 5•24 years ago
|
||
One additional factor is that you should really only need to log into a proxy server once, not for each domain you are browsing to. Right now if you look at another domain it seems to want to re-authenticate to the proxy.
Thats only becuz of another bug 32335 which should be landing in soon... to darin and setting to future.
Assignee: gagan → darin
Target Milestone: --- → Future
Assignee | ||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 7•24 years ago
|
||
Ok, this bug cannot be fixed without an API change. See bugs 59609 and 46859 for a related discussion.
Assignee | ||
Updated•24 years ago
|
Component: Networking → Networking: HTTP
This was fixed in bug 60588. *** This bug has been marked as a duplicate of 60588 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago → 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•