Closed
Bug 27973
Opened 25 years ago
Closed 24 years ago
advanced.mailftp (address as password) SHOULDN'T default ON (true)!
Categories
(SeaMonkey :: Preferences, defect, P3)
Tracking
(Not tracked)
People
(Reporter: bugzilla, Assigned: matt)
Details
Attachments
(1 file)
|
696 bytes,
patch
|
Details | Diff | Splinter Review |
In: http://lxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#189 the pref: pref("advanced.mailftp", true); is defaulted to TRUE which means: "Send email address as password to anonymouse FTP sites!" Expected: Is off per default!
sairuh - this pref has nothing to do with mail functionality. It has to do with ftp functionality :-)
QA Contact: lchiang → sairuh
reassgin to mcafee since he's the author for pref-irc.xul which has "advanced.mailftp".
Assignee: chuang → mcafee
|
||
Comment 5•25 years ago
|
||
pref-irc.xul should be empty right now, this pref is also in: http://lxr.mozilla.org/seamonkey/source/xpfe/components/prefwindow/resources/content/pref-advanced.xul#80 which makes this a mailnews bug. Back to chuang.
Assignee: mcafee → chuang
I don't own pref-advanced.xul. Mailnews doesn't use this pref.
Assignee: chuang → matt
|
||
Comment 7•25 years ago
|
||
4.x profiles migrated forward do not have this problem, as it was off by default there. This would seem to merit being a beta 1 blocker, as this would be very bad PR for the project early on if "Mozilla Gives Out Your E-mail Address to Every FTP Site" gets splashed around in the media.
|
||
Updated•24 years ago
|
Target Milestone: M16 → M18
|
Reporter | |
Comment 9•24 years ago
|
||
I still think this is important for moving to M18. Talk about bad security if your e-mail address is submitted to all FTP sites.
|
||
Comment 10•24 years ago
|
||
Bug 35317, "Option "Send email as anonymous ftp password" should not be on by default", has been made a DUP of RFE bug 17661, "RFE: pref for "Prompt to send e-mail address as FTP password""... creating such a pref, using it, and setting it true by default would address this problem, but: If that is to be a distinct pref, either bug 17761 needs to no longer be an RFE, or advanced.mailftp also needs to default to false. The other alternative, and this feels cleaner to me, would be to make advanced.mailftp accept three states: "yes", "no", and "ask", corresponding to: +-----FTP---------------------------------------------------+ | ( ) Send email address as FTP password | | (*) Do not send email address as FTP password | | ( ) Ask before sending email address as FTP password | +-----------------------------------------------------------+ Note that anyone using MailNews (or whatever it will be called) as a primary mail user agent does not have the option of using a null or bogus email address to avoid leaking their real address to FTP sites.
Summary: advanced.mailftp should NOT be true as default! → advanced.mailftp (address as password) SHOULDN'T default ON (true)!
|
|
Reporter | |
Comment 13•24 years ago
|
||
|
||
Comment 14•24 years ago
|
||
What happens when the pref is off? Will we just send a random string, or will we prompt the user? A lot of users might be confused by the latter behavior, since other browsers don't ask them for passwords on ftp sites, and if they haven't used a command-line ftp client., they probably won't expect to have to type a password.
|
||
Comment 15•24 years ago
|
||
Bug 55030 has the same patch and is rtm++. *** This bug has been marked as a duplicate of 55030 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
|
||
Comment 16•24 years ago
|
||
akk, we send a "random" string ("mozilla@").
Seems like this pref is never used.
<rant>
If it was, and I didn't file a new bug and fixed it, N6 would have shipped with
default on. Something like that must not happen. You need to care more about
your bugs.
</rant>
|
||
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•