Open Bug 145117 Opened 22 years ago Updated 3 years ago

ask before submitting form password in cleartext

Categories

(SeaMonkey :: Preferences, enhancement)

Product:
SeaMonkey
Component:
Preferences
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: smcpeak, Unassigned)

Details

(Whiteboard: [2012 Fall Equinox]) 

I think Mozilla should include a preference to warn the user before a
form is submitted which contains a type="password" input field (into which
the user has typed some text), if the submission is not encrypted.  The
warning should include the option to cancel the submission.
Is the setting to warn for form data unencrypted not good enough?

pi
Sending unencrypted form data (to bugzilla, for example) is so routine
that I always turn off that warning.  It is however much less common to
send form data which includes a type="password"; and at those times I
want encryption, and I'd like a pref so Mozilla will verify for me (b/c
I might forget to glance at the padlock).

You got a point here.

pi
Status: UNCONFIRMED → NEW
Ever confirmed: true
This would be a useful feature to have, since even looking at the padlock does
not always indicate whether or not a password will be sent in cleartext.  On
Bank of America's website, for example, you must enter your username and
password before the padlock is shut, and some JavaScript magic launches an SSL
session which sends the password encrypted.  (Or at least I assume this is what
happens; otherwise the only secure way to login would be to intentionally
misspell your password the first time [the "try again" page displays a padlock],
which seems unlikely).
Product: Browser → Seamonkey
Assignee: bugs → prefs
QA Contact: bugzilla
(Filter "spam" on 'prefs-nobody-20080612'.)
Assignee: prefs → nobody
QA Contact: prefs
Looks like still valid rfe
Whiteboard: [2012 Fall Equinox]
You need to log in before you can comment on or make changes to this bug.