Closed Bug 320208 Opened 19 years ago Closed 19 years ago

Reset Camino clears out Keychain entries from other apps

Categories

(Camino Graveyard :: OS Integration, defect)

Product:
Camino Graveyard
Component:
OS Integration
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
Camino1.0

People

(Reporter: bugzilla-graveyard, Assigned: sfraser_bugs)

Details

(Keywords: fixed1.8)

Attachments

(1 file)

Proposed patch
2.50 KB, patch
Details | Diff | Splinter Review
Reset Camino (resetBrowser in MainController.mm) calls removeAllUsernamesAndPasswords on an instance of KeychainService. The code for that method appears to step through the user's entire keychain, deleting *all* HTTP entries, whether or not Camino put them there. This is a Bad Thing(tm) for anyone who uses multiple browsers that have the capability of storing site passwords in the Keychain, most notably Safari.
Asking for blocking 1.0. This is pretty bad. cl
Flags: camino1.0?
Sorry, with Carbon Keychain Manager API, there is no way to know which Application created a keychain entry. There is a bug which would move us to the new Keychain Services API (MacOSX10.2+), which the Kind field CAN tell you who wrote it, if you choose to create a kind for Camino Password/Camino Web form, instead of sharing those kinds with Safari. I submit that it results in poor user experience not to share that database with Safari. I would suggest the Reset Camino feature should not delete any keychain data without a specific option presented to the user that should alert the user that other saved web browser form and password data will be eliminated.
We were discussing this on IRC, and perhaps it's better to not touch the user's passwords until we can remove those that we 100% know are created by us? That is, turn off removing of keychain passwords until bug 172842 is fixed and we have a new keychain system.
Flags: camino1.0?
our options to alter behavior of reset camino: 1. do not delete the keychain passwords anymore 2. present user with a checkbox "Also Delete all Internet Keychain Passwords and Web Form Data" in reset camino dialog to clear them, defaulted off since the work has already been done to reset the keychain passwords, i think its a better solution to add the checkbox in the dialog some users will want to do it, for whatever reason
I don't think it's feasible to remove the passwords in this manner since we may remove passwords that other applications (Safari) have created. The feature is "Reset Camino", not "Reset Camino and part of Safari". :-) That's why I'd suggest not removing any passwords, until we have a working keychain implementation in place to deal with this properly.
Attached patch Proposed patchSplinter Review
This patch simply comments-out the removing of passwords - and references this bug for the future implementor of the new Keychain Services API. It also changes the wording of the "Reset Camino" dialog to reflect the fact that we not touch usernames/passwords.
Assignee: mikepinkerton → sfraser_bugs
I put an #if 0 around the -removeAllUsernamesAndPasswords call for now.
Status: NEW → RESOLVED
Closed: 19 years ago
Flags: camino1.0? → camino1.0+
Keywords: fixed1.8
Resolution: --- → FIXED
I didn't see a localizable.strings change with this in bonsai, and at the very least I think we need to remove the existing "and remove all remembered usernames and passwords" bit from the "Reset Camino" message. Even better would be a note along the lines of Håkan's proposed change, indicating that usernames and passwords saved by Camino in the Keychain will not be removed.
I'll fix the string to something reasonable. Maybe some newlines can highlight the fact that keychain entries will not get removed.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Fix the warning string along with checkins for bug 321882.
Status: REOPENED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: