password manager and virtual hosts

RESOLVED DUPLICATE of bug 92966

Status

Product:
SeaMonkey
Component:
Passwords & Permissions
Importance:
--
enhancement
Status:
RESOLVED DUPLICATE of bug 92966
Reported:
16 years ago
Modified:
5 years ago

People

(Reporter: Ulrich.Windl, Assigned: morse)

Tracking

Version:
Trunk
Platform:
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details
(Reporter)

Description

16 years ago 
User-Agent:       Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.0) Gecko/20020604
Build Identifier: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.0) Gecko/20020604

Some sites use virtual hosts or a cluster environment that causes varyiing host
names in the user visible URIs. Using the password manager to help you remember
all your passwords you have to have these days, changing the hostname also means
that you'll have to enter form or password data again.
Mozilla cannot automatically detect virtual hosts, I guess, but the password and
form manager could offer to use the data from a similar looking page of another
host. Also the password manager tool could allow to copy existing form data to
another host's enty (in case some URL changes).

Reproducible: Always

Steps to Reproduce:
https://itrc.hp.com is one example of a system using virtual hosts
Actual Results:  
The password doesn't fill in automatically

Expected Results:  
The password should be filled in automatically

Comment 1

16 years ago 
This looks like a dupe of 163960 (although hotmail uses multiple servers, not
virtual hosts), which is however a WONTFIX. I think we'll need a regular
expression like *.hotmail.passport.com to fix that.

But I'm not 100% how to do this with virtual hosts. If the ip-addresses are the
same, we still can't be sure that the passwords are the same. What if we have a
www.store.tld and a www.forum.tld that map to the same physical ip-address, and
where I have 2 /different/ accounts ? We could present the user with the 2
different usernames, but he/she might be surprised to see that we offer to send
the 'store' username & password to the forum instead. That might be a huge
security breach ! It's not because 2 sites share the same ip-address, that
they're controlled by the same people.

And what are we supposed to do with sites that have virtual hosts, but that
itself are mapped to multiple ip-addresses ? Like geocities for example.
Whiteboard: DUPEME

Comment 2

16 years ago 
--> Password Manager
Component: Security: General → Password Manager

Comment 3

16 years ago 
Reassigning (sorry for the spam)
Assignee: mstoltz → morse
QA Contact: bsharma → tpreston

Comment 4

16 years ago 

*** This bug has been marked as a duplicate of 92966 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey

Updated

5 years ago
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.