Closed Bug 27973 Opened 25 years ago Closed 25 years ago

advanced.mailftp (address as password) SHOULDN'T default ON (true)!

Categories

(SeaMonkey :: Preferences, defect, P3)

x86
Windows 98
defect

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 55030

People

(Reporter: bugzilla, Assigned: matt)

Details

Attachments

(1 file)

In: http://lxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#189 the pref:

pref("advanced.mailftp", true);

is defaulted to TRUE which means: "Send email address as password to anonymous FTP sites!"

Expected: Is off per default!
mail pref
Assignee: matt → chuang
->lchiang's group for qa.
QA Contact: sairuh → lchiang
sairuh - this pref has nothing to do with mail functionality. It has to do with ftp functionality :-)
QA Contact: lchiang → sairuh
reassign to mcafee since he's the author for pref-irc.xul which has "advanced.mailftp".
Assignee: chuang → mcafee
pref-irc.xul should be empty right now, this pref is also in: http://lxr.mozilla.org/seamonkey/source/xpfe/components/prefwindow/resources/content/pref-advanced.xul#80 which makes this a mailnews bug. Back to chuang.
Assignee: mcafee → chuang
I don't own pref-advanced.xul. Mailnews doesn't use this pref.
Assignee: chuang → matt
Status: NEW → ASSIGNED
Target Milestone: M15
4.x profiles migrated forward do not have this problem, as it was off by default there. This would seem to merit being a beta 1 blocker, as this would be very bad PR for the project early on if "Mozilla Gives Out Your E-mail Address to Every FTP Site" gets splashed around in the media.
Move to M16 for now ...
Target Milestone: M15 → M16
Target Milestone: M16 → M18
I still think this is important for moving to M18. Talk about bad security if your e-mail address is submitted to all FTP sites.
Bug 35317, "Option "Send email as anonymous ftp password" should not be on by default", has been made a DUP of RFE bug 17661, "RFE: pref for "Prompt to send e-mail address as FTP password""... creating such a pref, using it, and setting it true by default would address this problem, but: If that is to be a distinct pref, either bug 17761 needs to no longer be an RFE, or advanced.mailftp also needs to default to false. The other alternative, and this feels cleaner to me, would be to make advanced.mailftp accept three states: "yes", "no", and "ask", corresponding to:

+-----FTP---------------------------------------------------+
| ( ) Send email address as FTP password                    |
| (*) Do not send email address as FTP password             |
| ( ) Ask before sending email address as FTP password      |
+-----------------------------------------------------------+

Note that anyone using MailNews (or whatever it will be called) as a primary mail user agent does not have the option of using a null or bogus email address to avoid leaking their real address to FTP sites.
Summary: advanced.mailftp should NOT be true as default! → advanced.mailftp (address as password) SHOULDN'T default ON (true)!
Move to M21 target milestone.
Target Milestone: M18 → M21
over to tever (for ftp qa :-).
QA Contact: sairuh → tever
Keywords: patch
What happens when the pref is off? Will we just send a random string, or will we prompt the user? A lot of users might be confused by the latter behavior, since other browsers don't ask them for passwords on ftp sites, and if they haven't used a command-line ftp client, they probably won't expect to have to type a password.
Bug 55030 has the same patch and is rtm++. *** This bug has been marked as a duplicate of 55030 ***
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
akk, we send a "random" string ("mozilla@"). Seems like this pref is never used. <rant> If it was, and I didn't file a new bug and fixed it, N6 would have shipped with default on. Something like that must not happen. You need to care more about your bugs. </rant>
VERIFY DUP.
Status: RESOLVED → VERIFIED
Product: Browser → Seamonkey
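
The regression the closing comments warn about (a build shipping with advanced.mailftp defaulting to true) can be caught by a check run over the default-prefs file. This is an added example, not code from the Mozilla tree or from this bug's attachment; the deny list, the function names and the sample input are constructed, and it assumes a later pref() line overrides an earlier one.

```javascript
// Added example: flag privacy-sensitive prefs that default to true in an
// all.js-style defaults file. All names below are hypothetical.

// Prefs that must not ship enabled (assumption: only the pref from this bug).
const DENY_DEFAULT_TRUE = new Set(['advanced.mailftp']);

// Remove // and /* */ comments but keep string literals such as "http://..."
// intact; newlines are preserved so reported line numbers stay correct.
function stripComments(src) {
  return src.replace(/("(?:[^"\\]|\\.)*")|\/\*[\s\S]*?\*\/|\/\/[^\n]*/g,
    (m, str) => (str !== undefined ? str : m.replace(/[^\n]/g, '')));
}

// Return Map(name -> {raw, line}) of pref("name", value); declarations.
// \b keeps user_pref(...) lines from matching.
function parseDefaults(src) {
  const clean = stripComments(src);
  const re = /\bpref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;/g;
  const prefs = new Map();
  let m;
  while ((m = re.exec(clean)) !== null) {
    const line = clean.slice(0, m.index).split('\n').length;
    prefs.set(m[1], { raw: m[2], line }); // assumed: last declaration wins
  }
  return prefs;
}

// List every denied pref whose effective default is the literal true.
function audit(src) {
  const findings = [];
  for (const [name, { raw, line }] of parseDefaults(src)) {
    if (DENY_DEFAULT_TRUE.has(name) && raw === 'true') findings.push({ name, line });
  }
  return findings;
}

// Constructed sample input, not the real all.js.
const SAMPLE_BAD = [
  '// pref("advanced.mailftp", false);  commented out, must be ignored',
  'pref("example.constructed.url", "http://example.invalid/"); // constructed',
  'pref("advanced.mailftp",   true);',
].join('\n');
const SAMPLE_FIXED = SAMPLE_BAD.replace(/true\);$/, 'false);');

console.log('before fix:', audit(SAMPLE_BAD));
console.log('after fix: ', audit(SAMPLE_FIXED));
```
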