Closed Bug 168437 Opened 23 years ago Closed 23 years ago

password manager and virtual hosts

Categories

(SeaMonkey :: Passwords & Permissions, enhancement)

Product:
SeaMonkey
Component:
Passwords & Permissions
Platform:
x86
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 92966

People

(Reporter: u20230201, Assigned: morse)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.0) Gecko/20020604 Build Identifier: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.0) Gecko/20020604 Some sites use virtual hosts or a cluster environment that causes varyiing host names in the user visible URIs. Using the password manager to help you remember all your passwords you have to have these days, changing the hostname also means that you'll have to enter form or password data again. Mozilla cannot automatically detect virtual hosts, I guess, but the password and form manager could offer to use the data from a similar looking page of another host. Also the password manager tool could allow to copy existing form data to another host's enty (in case some URL changes). Reproducible: Always Steps to Reproduce: https://itrc.hp.com is one example of a system using virtual hosts Actual Results: The password doesn't fill in automatically Expected Results: The password should be filled in automatically
This looks like a dupe of 163960 (although hotmail uses multiple servers, not virtual hosts), which is however a WONTFIX. I think we'll need a regular expression like *.hotmail.passport.com to fix that. But I'm not 100% how to do this with virtual hosts. If the ip-addresses are the same, we still can't be sure that the passwords are the same. What if we have a www.store.tld and a www.forum.tld that map to the same physical ip-address, and where I have 2 /different/ accounts ? We could present the user with the 2 different usernames, but he/she might be surprised to see that we offer to send the 'store' username & password to the forum instead. That might be a huge security breach ! It's not because 2 sites share the same ip-address, that they're controlled by the same people. And what are we supposed to do with sites that have virtual hosts, but that itself are mapped to multiple ip-addresses ? Like geocities for example.
Whiteboard: DUPEME
--> Password Manager
Component: Security: General → Password Manager
Reassigning (sorry for the spam)
Assignee: mstoltz → morse
QA Contact: bsharma → tpreston
*** This bug has been marked as a duplicate of 92966 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.