Implement Password manager for java applets

RESOLVED INVALID

Status

()

Toolkit
Password Manager
--
enhancement
RESOLVED INVALID
15 years ago
10 years ago

People

(Reporter: jord wegge, Unassigned)

Tracking

Trunk
x86
All
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8

Firefox will not (offer to) remember passwords asked by java-applets although
the same password is required and known to the password manager to enter the site.

Reproducible: Always
Steps to Reproduce:
1.go to http://www.qualifeed.be/
2.login = joluyck
3.pasw=rfcwlp

Actual Results:  
pasw is stored for site access, not for java

Expected Results:  
not asked twice the pasw for java

Default theme

Comment 1

15 years ago
CCing Jesse since I don't believe this is a bona fide security bug, unless you 
don't want the login revealed? 
 
As to the matter at hand, I can confirm that the password manager is not 
supplying the login info to the java login. I don't believe that's a bug 
though but rather implementing this would fall under the category of an 
enhancement. 
 
Mozilla Browser does the same thing as Firefox. Interestingly though, using 
Konqueror+kwallet in Linux the java login never appears even though the java 
applets are working. I can only surmise that kwallet supplied the necessary 
info to the java applet upon loading the page. I'm not at all familiar with IE 
so I don't what it does under these circumstances. 
 
Confirming so that Brian can make a decision with respect to implementing 
this. 
Severity: minor → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Summary: Password manager works for regular passwords, but not for passwords asked by java-applets → Implement Password manager for java applets

Updated

15 years ago
Group: security

Comment 2

13 years ago
"I don't believe this is a bona fide security bug, unless you
don't want the login revealed?"
"I don't believe that's a bug though but rather implementing this would fall
under the category of an enhancement."

Are you saying this bug is not important? Are you kidding? This might not be a
security bug, but it is a major usability bug. Users might rightfully think,
that something is broken. Most users don't even know there is something like an
applet at work, how could they?

Wait a minute! If users think a page that requires extra security protection
through a password and also must think the page is somehow broken, as it does
not accept their password or requires it twice, then users think the page is
insecure. I hope I can convince you that it is in the end a security bug or at
least a bug that influences the perception of security or lack of it.

By the way, IE 6.0 does not ask a second time for the authentication information.

Kind regards

K<o>

Comment 3

12 years ago
Mass edit: Changing QA to default QA Contact
QA Contact: davidpjames → password.manager
Assignee: bryner → nobody
Version: unspecified → Trunk
Java applets are external code running in their own VM. The browser can't just reach in and dig around for a username and password, not is their any standard API I know of to do this.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → INVALID
(Assignee)

Updated

10 years ago
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.