Closed Bug 203894 Opened 21 years ago Closed 13 years ago

Make master password prompt modal to desktop

Categories

(Core Graveyard :: Security: UI, enhancement)

Other Branch
x86
Windows 2000
enhancement
Not set
normal

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 461455

People

(Reporter: simone.avogadro, Unassigned)

References

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312

Other applications may get focus when I'm typeing the keystore password, this
sould not happen: that window should be modela respect to the desktop, not only
to the mozilla suite.
As a result I might happen to type the password (usually: part of it) in clear
into another application

Reproducible: Always

Steps to Reproduce:
1. Begin a medium length operation on an application which will pop to fron once
finished
2. Try signing a message
3. The passphrase box appears
4. Start typeing and wait for the other application to popup
5. The other application pops to front while you are typeing


Actual Results:  
you keystore password is now compromised

Expected Results:  
should have keept focus (by setting the window modal respect to the whole desktop
*** Bug 203895 has been marked as a duplicate of this bug. ***
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: focus changes when inserting keystore password → Make master password prompt modal to desktop
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Product: PSM → Core
Too bad there's no way to vote against a bug, I'd like to do so.

Granted, *NO* application should ever be allowed to grab the focus in any GUI;
the focus ought to always stay within the application which was last manually
clicked on.  But that is an issue with the GUI itself.

Any application which hangs onto the focus, as you advocate Mozilla do, is just
as "ill-behaved" as one which grabs the focus.
mh: this has to do with OS'es philosophy.
IMHO only 'trusted' applications should be allowed to grab the user focus, while
on the other hand the user should be always able to give focus to another program.
 This way the _user_ can switch (he knows) to another program, but no _program_
cannot take over the focus, so not to surprise the user


(In reply to comment #3)
> Too bad there's no way to vote against a bug, I'd like to do so.
> 
> Granted, *NO* application should ever be allowed to grab the focus in any GUI;
> the focus ought to always stay within the application which was last manually
> clicked on.  But that is an issue with the GUI itself.
> 
> Any application which hangs onto the focus, as you advocate Mozilla do, is just
> as "ill-behaved" as one which grabs the focus.
since OS'es don't allow this I do propose the following fix:
- open the master password dialog
- listen for focus changes
- if focus is lost popup a warning (regain the focus) and close the master
password dialog

this way the password won't be compromised


QA Contact: bmartin → ui
I know bug 461455 is a newer one, but it has more discussion going on
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.