Closed Bug 1170621 Opened 7 years ago Closed 7 years ago

[userstory] As a user, I want Firefox to protect me from submitting my password when the browser knows that the connection isn’t secure, because I don’t want hackers to get it.

Categories

(Firefox :: General, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
Tracking Status
firefox41 --- affected

People

(Reporter: MarcoM, Unassigned)

References

Details

(Whiteboard: [fxprivacy] [userstory])

User Story

Summary:
* As a user, I want Firefox to protect me from submitting my password when the browser knows that the connection isn’t secure, because I don’t want hackers to get it.

Acceptance Criteria:
* UX mock of contextual feedback when a password field submits over an unencrypted connection.
No description provided.
Flags: firefox-backlog+
Then, detecting SSL will not necessarily achieve what you want.  SSL is an encryption system, and as such does NOT prevent the receiving party (the webserver) from knowing what characters the user typed at the keyboard.  

A proper password protection system HASHES the password. This prevents the webserver from doing anything other than checking that what you typed this time is the same as what you typed when you set your password. The webserver does not store the actual password. Only you know that.

SSL does give some protection against main-in-the-middle security leaks (dishonest data carriers) but I'm not sure how prevalent such issues are. Probably, not all that common. 

The majority of hackings arise by way of SQL code injection exploits being used to take control of webservers. As far as the 'owned' webserver and the hacker controlling it is concerned, SSL makes absolutely zero difference. Passwords sent to the server can be decrypted with the SSL key, and used to impersonate you on this site, or on other sites where you used the same password.  

Thus, any browser feature designed to protect your password would have to detect HASHING of the password before transmission. Since hashing is a software function for which no standardised method exists, I imagine that coding a hashing detection algortithm would be a challenging task. One obvious sign that a password is NOT being hashed, though, would be a bog-standard form submit button in the HTML, with no Javascript (or other scripting code) attached. The fact that scripting IS involved in the submission process would not necessarily indicate hashing of course, it could be merely checking for blank fields or the like. But, no scripting definitely equals insecure password. 

Bottom line; it's really down-to whether you trust the competency of the programmer who put-up the website. If you don't think their work is competent (loads of coding errors might be a clue there!) then don't give the site any password you value. 

HTH.
Rank: 6
Rank: 6 → 4
Depends on: 1135766
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.