Closed
Bug 478678
Opened 15 years ago
Closed 15 years ago
Password fill algorithm flawed...
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 499223
People
(Reporter: xandrani, Unassigned)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.0.6) Gecko/2009011912 Firefox/3.0.6
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.0.6) Gecko/2009011912 Firefox/3.0.6

The algorithm for the password filler seems to be:

1) Password field is the first input of type 'password' (that part is fine).
2) Username is the text field one above the 'password' field (this is flawed).

At first glance 2) seems like a reasonable algorithmic step, as of course most login screens will function like this... HOWEVER, in forms where, for example, a user is editing their profile, a password field is required but a username is not (as that is already known and they shouldn't really be allowed to edit their username!), this populates the 'username' into the wrong field (as the username field is omitted).

The correct algorithm might be:

1) Does the form have a field of type 'password'? If not, do NOT fill, ELSE:
2) If there are two password fields then assume this is an update type of form and only populate the first occurrence of the password (note that the second occurrence is assumed to be a confirmation password).
3) If there is only one password field, then count the number of other visible fields in the form. If it's 2 or 3 then assume the field above the password field is the username... ELSE
4) There are 4 or more fields, so make a guess at the username field based on a sensible guess. In order of preference: 'username' 'user name' 'user' 'name' 'email' etc...

This algorithm would work better... it needs work as I've just knocked that together in a couple of minutes, but it's much better than the current algorithm.

Reproducible: Always
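The proposed steps above, sketched as an added example that is not part of the bug report and not Firefox's password manager code. The function name `pickFillTargets`, the field descriptors, and the choices the report leaves open (no username is filled on a two-password form; the field count in step 3 includes the password field itself) are assumptions.

```javascript
// Added example (not Firefox code): the heuristic proposed in the report,
// as a pure function over constructed field descriptors {name, type, visible}.
const USERNAME_HINTS = ["username", "user name", "user", "name", "email"];
const isTextLike = f => f.type === "text" || f.type === "email";
const norm = s => s.toLowerCase().replace(/[_-]+/g, " ");

function pickFillTargets(fields) {
  const visible = fields.filter(f => f.visible !== false);
  const passwords = visible.filter(f => f.type === "password");
  // Step 1: no password field means no fill at all.
  if (passwords.length === 0) return { username: null, password: null };
  // Step 2: two or more password fields look like an update form. Fill only
  // the first one. Assumption: no username is filled in this case.
  if (passwords.length >= 2) return { username: null, password: passwords[0].name };

  const pw = passwords[0];
  let username = null;
  if (visible.length === 2 || visible.length === 3) {
    // Step 3 (assumption: the count includes the password field itself):
    // small form, so take the text field directly above the password.
    const prev = visible[visible.indexOf(pw) - 1];
    if (prev && isTextLike(prev)) username = prev.name;
  } else if (visible.length >= 4) {
    // Step 4: larger form, guess by name in the report's order of preference.
    const candidates = visible.filter(isTextLike);
    for (const hint of USERNAME_HINTS) {
      const hit = candidates.find(f => norm(f.name).includes(hint));
      if (hit) { username = hit.name; break; }
    }
  }
  return { username, password: pw.name };
}

// Constructed sample forms: a login page and a profile-edit page.
const loginForm = [
  { name: "csrf", type: "hidden", visible: false },
  { name: "login", type: "text" },
  { name: "pass", type: "password" },
];
const profileForm = [
  { name: "city", type: "text" },
  { name: "phone", type: "text" },
  { name: "new_password", type: "password" },
  { name: "confirm_password", type: "password" },
];
console.log(pickFillTargets(loginForm), pickFillTargets(profileForm));
```

A form with a single password field, four or more visible fields and a field such as `display_name` would still match the 'name' hint in step 4, so name-based guessing narrows the misfill rather than removing it.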
Updated•15 years ago
Component: General → Password Manager
Product: Firefox → Toolkit
QA Contact: general → password.manager
Comment 1•15 years ago
Very simple to set up a test case for this. Form field names can be drastically different. This becomes rather critically important to the user when credit card security information is entered into a form input type=password! Next time they go to log into a site their credit card information pops up in the username field.
Updated•15 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE