Closed Bug 1120836 Opened 9 years ago Closed 9 years ago

Use a lazy getter to decrypt usernames and passwords


(Toolkit :: Password Manager, enhancement)

Not set





(Reporter: MattN, Unassigned)



Currently, if we construct a login object from storage we decrypt the username and password field at construction time which may lead to a master password prompt. I think we should be able to do the decryption in a lazy getter so the decryption only happens when it's actually needed.

The main use-case at the moment is that we are adding telemetry for saved signons in dependencies of bug 672979 and we don't want to trigger a MP seemingly randomly at telemetry gathering time if, for example, we only need to look at timesUsed or lastUsed.

The was some other use case in the past to avoid a MP prompt in another non-telemetry case but I don't remember what it was at the moment.
I don't think we should do this for telemetry, as there are better ways to avoid the prompt.

Wallet used to do this, and we explicitly didn't in login manager because a lazy getter can result in a flood of master password prompts and/or having to make lots of code aware of the master password problem.

Given that the direction we're headed towards is a single, explicit sign-in-to-browser action (instead of randomly waiting for something to want a password and trigger the prompt), I'm going to call this WONTFIX.
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.