Open
Bug 145117
Opened 22 years ago
Updated 3 years ago
ask before submitting form password in cleartext
Categories
(SeaMonkey :: Preferences, enhancement)
SeaMonkey
Preferences
Tracking
(Not tracked)
NEW
People
(Reporter: smcpeak, Unassigned)
Details
(Whiteboard: [2012 Fall Equinox])
I think Mozilla should include a preference to warn the user before a form is submitted which contains a type="password" input field (into which the user has typed some text), if the submission is not encrypted. The warning should include the option to cancel the submission.
Comment 1•22 years ago
|
||
Is the setting to warn for form data unencrypted not good enough? pi
Reporter | ||
Comment 2•22 years ago
|
||
Sending unencrypted form data (to bugzilla, for example) is so routine that I always turn off that warning. It is however much less common to send form data which includes a type="password"; and at those times I want encryption, and I'd like a pref so Mozilla will verify for me (b/c I might forget to glance at the padlock).
Comment 4•20 years ago
|
||
This would be a useful feature to have, since even looking at the padlock does not always indicate whether or not a password will be sent in cleartext. On Bank of America's website, for example, you must enter your username and password before the padlock is shut, and some JavaScript magic launches an SSL session which sends the password encrypted. (Or at least I assume this is what happens; otherwise the only secure way to login would be to intentionally misspell your password the first time [the "try again" page displays a padlock], which seems unlikely).
Updated•20 years ago
|
Product: Browser → Seamonkey
Updated•17 years ago
|
Assignee: bugs → prefs
QA Contact: bugzilla
Comment 5•16 years ago
|
||
(Filter "spam" on 'prefs-nobody-20080612'.)
Assignee: prefs → nobody
QA Contact: prefs
You need to log in
before you can comment on or make changes to this bug.
Description
•