Closed Bug 1120836 Opened 10 years ago Closed 10 years ago

Use a lazy getter to decrypt usernames and passwords

Categories

(Toolkit :: Password Manager, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: MattN, Unassigned)

References

Details

Currently, if we construct a login object from storage we decrypt the username and password field at construction time which may lead to a master password prompt. I think we should be able to do the decryption in a lazy getter so the decryption only happens when it's actually needed. The main use-case at the moment is that we are adding telemetry for saved signons in dependencies of bug 672979 and we don't want to trigger a MP seemingly randomly at telemetry gathering time if, for example, we only need to look at timesUsed or lastUsed. The was some other use case in the past to avoid a MP prompt in another non-telemetry case but I don't remember what it was at the moment.
I don't think we should do this for telemetry, as there are better ways to avoid the prompt. Wallet used to do this, and we explicitly didn't in login manager because a lazy getter can result in a flood of master password prompts and/or having to make lots of code aware of the master password problem. Given that the direction we're headed towards is a single, explicit sign-in-to-browser action (instead of randomly waiting for something to want a password and trigger the prompt), I'm going to call this WONTFIX.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.