User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 Firefox will not (offer to) remember passwords asked by java-applets although the same password is required and known to the password manager to enter the site. Reproducible: Always Steps to Reproduce: 1.go to http://www.qualifeed.be/ 2.login = joluyck 3.pasw=rfcwlp Actual Results: pasw is stored for site access, not for java Expected Results: not asked twice the pasw for java Default theme
CCing Jesse since I don't believe this is a bona fide security bug, unless you don't want the login revealed? As to the matter at hand, I can confirm that the password manager is not supplying the login info to the java login. I don't believe that's a bug though but rather implementing this would fall under the category of an enhancement. Mozilla Browser does the same thing as Firefox. Interestingly though, using Konqueror+kwallet in Linux the java login never appears even though the java applets are working. I can only surmise that kwallet supplied the necessary info to the java applet upon loading the page. I'm not at all familiar with IE so I don't what it does under these circumstances. Confirming so that Brian can make a decision with respect to implementing this.
Severity: minor → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Summary: Password manager works for regular passwords, but not for passwords asked by java-applets → Implement Password manager for java applets
"I don't believe this is a bona fide security bug, unless you don't want the login revealed?" "I don't believe that's a bug though but rather implementing this would fall under the category of an enhancement." Are you saying this bug is not important? Are you kidding? This might not be a security bug, but it is a major usability bug. Users might rightfully think, that something is broken. Most users don't even know there is something like an applet at work, how could they? Wait a minute! If users think a page that requires extra security protection through a password and also must think the page is somehow broken, as it does not accept their password or requires it twice, then users think the page is insecure. I hope I can convince you that it is in the end a security bug or at least a bug that influences the perception of security or lack of it. By the way, IE 6.0 does not ask a second time for the authentication information. Kind regards K<o>
Mass edit: Changing QA to default QA Contact
QA Contact: davidpjames → password.manager
Assignee: bryner → nobody
Version: unspecified → Trunk
Java applets are external code running in their own VM. The browser can't just reach in and dig around for a username and password, not is their any standard API I know of to do this.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.