160471 - Bookmarks should not save password in URL

Status: NEW

(SeaMonkey :: Bookmarks & History, defect)

Description

[benc]

(coming from bug 111117, dupe checked before filing)

If you have a username:password in your URL (esp ftp), when you save the
bookmark, it automatically saves the URL.

I think that the bookamark interface should recognize and prompt you (save
password or strip it out).

If the password is stripped out, the browser will prompt you when you access the
bookmarked link.

STEPS:
click on URL provided in bug.
select "File bookmarks" (so you can see what bookmarks is thinking.

It will show the URL w/ username and password and save it to bookmarks.

Some people like this, but I don't think it should be the automatic behavior.

Comment 1

[R.K.Aa.]

related: bug 32761, bug 88771, bug 146289, bug 157354

Comment 2

[R.K.Aa.]

typo: bug 146289 should have been bug 130327

Comment 3

[alanjstr]

Whenever you bookmark something, the proper procedure is to use the exact URL. 
I've never seen a web browser behave otherwise.  If you don't want it to save
the password, choose Bookmark -> File Bookmark and change the URL before it is
saved.

Enhancement request, not bug.

Comment 4

[benc]

I disagree, the bookmark feature is not just a URL saver, it is part of a
browser, which is supposed present a secure environment to the user.

We have had many other situations where there were similar decisions, and rarely
have we opted for the more mindless behavior.

Comment 5

[Jason Duell]

I'm adding this to my list of likely network bugs to work on.  No guarantee when I'll actually get to it.

Comment 6

[Phoenix]

Seems Jason didn't get to it.
The main question is: should browser overlook for user? If user wants to save credentials, why it shouldn't be allowed?