Open
Bug 160471
Opened 22 years ago
Updated 12 years ago
Bookmarks should not save password in URL
Categories
(SeaMonkey :: Bookmarks & History, defect)
SeaMonkey
Bookmarks & History
Tracking
(Not tracked)
NEW
People
(Reporter: benc, Unassigned)
References
()
Details
(Keywords: sec-low, Whiteboard: [sg:low local][2012 Fall Equinox])
(coming from bug 111117, dupe checked before filing) If you have a username:password in your URL (esp ftp), when you save the bookmark, it automatically saves the URL. I think that the bookamark interface should recognize and prompt you (save password or strip it out). If the password is stripped out, the browser will prompt you when you access the bookmarked link. STEPS: click on URL provided in bug. select "File bookmarks" (so you can see what bookmarks is thinking. It will show the URL w/ username and password and save it to bookmarks. Some people like this, but I don't think it should be the automatic behavior.
related: bug 32761, bug 88771, bug 146289, bug 157354
typo: bug 146289 should have been bug 130327
Whenever you bookmark something, the proper procedure is to use the exact URL. I've never seen a web browser behave otherwise. If you don't want it to save the password, choose Bookmark -> File Bookmark and change the URL before it is saved. Enhancement request, not bug.
I disagree, the bookmark feature is not just a URL saver, it is part of a browser, which is supposed present a secure environment to the user. We have had many other situations where there were similar decisions, and rarely have we opted for the more mindless behavior.
OS: AIX → All
Updated•20 years ago
|
Product: Browser → Seamonkey
Updated•17 years ago
|
Assignee: bugs → nobody
QA Contact: claudius → bookmarks
Comment 5•16 years ago
|
||
I'm adding this to my list of likely network bugs to work on. No guarantee when I'll actually get to it.
Assignee: nobody → jduell
Updated•14 years ago
|
Whiteboard: [sg:low local]
Seems Jason didn't get to it. The main question is: should browser overlook for user? If user wants to save credentials, why it shouldn't be allowed?
Assignee: jduell.mcbugs → nobody
Whiteboard: [sg:low local] → [sg:low local][2012 Fall Equinox]
You need to log in
before you can comment on or make changes to this bug.
Description
•