Closed
Bug 24991
Opened 25 years ago
Closed 6 years ago
mail with webpage from restricted site should ask for username/password
Categories
(MailNews Core :: Networking, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: bugzilla, Unassigned)
References
()
Details
(Whiteboard: [nsbeta2-])
Use the "send page" from a restricted site that you logged into, and send the page to a mozilla account. Now read the mail with the attached html page. Mozilla will keeps asking for username/password. Expected: Same behavior as in Netscape 4.7 where netscape only asked for username/password once.
Need a retest...does this happen on todays builds.
Whiteboard: [NEED INFO]
Reporter | ||
Comment 5•24 years ago
|
||
When I send a webpage from a restricted site to a Mozilla mail account, the page show gets shown. it no longer asks for any username/password. So it seems fixed.
Scott, This bug does not appear to be fixed. Seamonkey is not behaving like Communicator 4.x. When I sent a restricted page, we should prompt the user for a username and password. On today commercial seamonkey build, we do not prompt the user. We just display the complete message without prompting. Steps to reproduce problem: 0) From Communicator 4.72, send yourself a restrict web page that requires login and password. In my test, I used the internal helpdesk web page. http://request.mcom.com/helpdesk/alliance_rout1.htm 1) Deleted my previous user profile before installing to todays build. 2) Install the 0524 build 3) Launch Messenger 4) Retrieve your mail message The mail message displays the message body without prompting for a login id or password. Under 4.72, when you view a restricted page, it spawn a browser window then puts up a login dialog. If the user cancels out the dialog then you receive an authorication error. This problem occurs on today win32 2000-24-09 -m16 and macos 2000-2419-.1 Re-open bug.
re-open bug - clearing resolution.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter | ||
Comment 9•24 years ago
|
||
I can verify that Mozilla never shows the username/password dialog using build 2000052420. Netscape 4.x did this. If you send a webpage by mail, the entire webpage is there in the mail, even though it's from a restricted site. Perhaps Mozilla should check either the "Content-Base" or "Content-Location" to see if we're talking about a webpage from a restricted site.
Reporter | ||
Comment 11•24 years ago
|
||
Another way to test this, is by subscribing to the: "netscape.public.mozilla.crash-data" newsgroup. The postings: "7:00am Crash Data Summary" has a <base href="http://cyclone:8080/reports/"> when generates an alert saying: "news.mozilla.org could not be found. Please check the name and try again."!
Comment 12•24 years ago
|
||
removing nsbeta2+ and asking for consideration to cut from beta2. mscott, does this still sound ok to you?
Whiteboard: [nsbeta2+]
Comment 13•24 years ago
|
||
Putting on [nsbeta2-] radar. Not critical to beta2.
Whiteboard: [nsbeta2-]
Reporter | ||
Comment 14•24 years ago
|
||
Changed subject to the new state of this bug.
Summary: mail with webpage from restricted site keeps asking for username/password → mail with webpage from restricted site should ask for username/password
Updated•24 years ago
|
Target Milestone: M17 → ---
Comment 15•21 years ago
|
||
Is this bug about sending or receiving?
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Assignee: mscott → nobody
Status: REOPENED → NEW
QA Contact: pmock → mailnews.networking
Assignee | ||
Updated•16 years ago
|
Product: Core → MailNews Core
Updated•16 years ago
|
Priority: P3 → --
Comment 16•12 years ago
|
||
Tony, what do you think?
Comment 17•12 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #16) > Tony, what do you think? Well, what is the "expected" behaviour? If I send a page (as opposed to a link) by mail, I would expect a _copy_ of the page to be sent as attachment, and visible with no need to input any UN+PW, provided only that the _sender_ had the necessary permissions. But some of the posters above seem to expect that _both_ sender and receiver need appropriate credentials. Is there a relevant RFC or something?
Comment 18•11 years ago
|
||
(In reply to Tony Mechelynck [:tonymec] from comment #17) > (In reply to Wayne Mery (:wsmwk) from comment #16) > > Tony, what do you think? > > Well, what is the "expected" behaviour? If I send a page (as opposed to a > link) by mail, I would expect a _copy_ of the page to be sent as attachment, > and visible with no need to input any UN+PW, provided only that the _sender_ > had the necessary permissions. But some of the posters above seem to expect > that _both_ sender and receiver need appropriate credentials. Is there a > relevant RFC or something? dunno. maybe someone else ...
Comment 19•11 years ago
|
||
It should be virtually impossible to send the full context with a message. Authentication may come in various forms, how would one know which variant to apply, and how to keep track of related cookies, etc.? Current behavior is to send the page verbatim, i.e., any included images aren't resolved and attached but included as remote content (I'd suspect the same is happening with {i}frames, so this would be a suitable mechanism to enforce any authentication-related problems, but then you aren't sending that message at all just a reference to it). I'm not aware of any IETF regulations on that. Given that you can just use View > Message Source to read an HTML attachment coming from a web page, enforcing any credentials at this time would be rather moot anyway. It's the responsibility of the sender whether or not the message is acceptable to send to anybody else (and everybody eavesdropping, for that matter).
Comment 21•6 years ago
|
||
I think we can close this yes. I think the "send page" feature should be removed too - it's a really odd feature.
Status: NEW → RESOLVED
Closed: 24 years ago → 6 years ago
Flags: needinfo?(mkmelin+mozilla)
Resolution: --- → WONTFIX
Comment hidden (collapsed) |
You need to log in
before you can comment on or make changes to this bug.
Description
•