Closed Bug 382033 Opened 17 years ago Closed 17 years ago

New option to Warn user about unencrypted connection only when lock is shown

Categories

(Firefox :: Settings UI, enhancement)

x86
Windows XP
enhancement
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: njglin, Unassigned)

References

()

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2

When submitting forms currently there are two security settings:
1. No warning about submitting data over unencrypted connection
2. with warning.
Problem is that on some popular sites, for example search engines like google, each submission results in the popup warning.  The only alternative right now is to turn warnings off.


Reproducible: Always

Steps to Reproduce:
1. In Tools->Options->Security->Warning Messages->Settings->Show a warning dialog when:
   check: I submit Information that's not encrypted
   Apply the change
2.access google.com; enter any search word; press "Enter"
3. Observe popup with a warning anout sending information over unencrypted connection


Expected Results:  
ENHANCEMENT
Introduce parameter which will allow to have warnings only if connection from
the website to user is encrypted (https), but connection from the user to the website is not encrypted.
This way warning popup will appear only when user expects connection to be secure because lock is shown and address bar turns yellow, but the security is only one way from website to user - connection from user to website is not encrypted.

Current setting results in warning popup unless connection from user to website is secure.  In every day browsing moajority of accesses are over unencrypted connection (web seearches for example).  Acknowledging the popup on connections where user does not expect it to be secure becomes tedious and many will turn the warining off.
Having ability to have warning only when user excpects security will results in many more users actually using the warning which is conditional.
Attached file google search form
As you can see using the attachment (which is hosted on an https site), Firefox already warns for https-to-http form submissions, even if you've disabled the http-to-http form submission dialog.  The https-to-http dialog doesn't even have a checkbox for disabling it.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: