Smoketesting yesterday's 1.0.3 candidate (the full installer) on win2k, setting a master password that should be asked for "every time", filling in squiddy/calamari at http://www.mozilla.org/quality/browser/front-end/testcases/wallet/login.html and submitting did _not_ ask me for my master password. The password _was_ saved, and I could open the password manager and hit "show passwords" without once being asked for the master password. Trying to find a regression range, all zip builds back until at least 20060125 showed this behaviour. My current 1.1a build (2006070403) with a years old profile does not show this bug, so this either regressed after 1.8.0 was split off from 1.8 (2005-12-09), or was later fixed on 1.8 but not 1.8.0. However, I find it very strange that we could've had this bug for 6+ months without knowing about it, and in fact I did the exact same smoketest run with the 20060128 build without seeing this problem. In #seamonkey, Aqualon reports not seeing the problem with Win XP and 1.0.3 (for both existing and clean profiles), but Ratty does see the problem. (Also on Win XP.) Color me confused. What's the missing factor? More confirmations would be good to know if the 1.0.3 release should block on this or not.
Aqualon cracked the difference - If "Use encryption when storing sensitive data" is not checked, the master password is never asked for; otherwise it is. (I'd forgotten to enable this pref this smoketest run, but had followed the instructions to the letter the previous run.) I propose setting the default value for the encryption pref to true for 1.0.3 (as well as for trunk and the 1.8 branch), and writing a real fix for this issue later on, assuming that the need for encryption when the master password is set doesn't turn out to be intended behaviour.
I just realized that if encryption is default, then as soon as a password gets saved, seamonkey will ask for a master password. There's lots of users who don't want to bother with a master password, so that change would break them. Rather, the two prefs should be merged: you can't encrypt without a master password, and if you have a master password set, there's no reason not to want to encrypt. So, I propose to remove (the UI for) this pref and make it depend on if the master password is set. Meh, what a mess. Don't think it should block anymore, as it looks like this is something that's been the case forever, and is expected behaviour (if not intended). Will leave the blocking flag for the council to decide upon though.
OK, as both prefs are off by default, and we have shipped all previous releases with that code in the same situation, then I don't see it blocking us at the moment. We should relnote this though, and we should try to figure out a good fix for the issue.
The first time someone saves a password with a new profile there used to be a dialog trying to explain the difference between "obscured" and "encrypted" passwords. Is that gone? The default is obscured.
There is a window, when you save a password for the first time, with the following text:

Saving Passwords and Other Sensitive Information

Password Manager and Form Manager will save passwords, user names, and other sensitive information and enter them for you automatically when they are required.
This sensitive information is stored on your computer in a file that's difficult, but not impossible, to read.
If other people have access to your computer, you may want to password protect the stored sensitive information by choosing a Master Password.
If you choose to password protect your stored information, you will be asked to provide your Master Password from time to time. This approach provides better security but is slightly less convenient.

So we recommend using a Master Password, but don't tell the user it's useless if only the Master Password is set, without the encryption.
Created attachment 231150 [details]
Patch, set wallet.crypto to true, if master password is set

Whenever the master password gets changed, encryption for passwords is enabled. I tested it with SeaMonkey 1.0.3 and it worked fine, but since I'm not very familiar with the password manager code, I can't say if there could be any unwanted side effects.
Created attachment 231152 [details] [diff] [review]
set wall.crypto to true, if master password gets changed

Correct file this time, sorry for the spam.
Well, I read our documentation for this feature, and it clearly states that a Master Password is used to protect personal certificates and encrypted passwords but not obscured passwords. The problem is with the initial password warning dialog. There it claims you need to set a Master Password to protect your passwords. This is clearly incorrect. I thought at one point it offered to encrypt your passwords, but then again it isn't a dialog I use a lot, so I have probably misremembered.
Comment on attachment 231152 [details] [diff] [review]
set wall.crypto to true, if master password gets changed

Not working as expected, will make a new patch.
(In reply to comment #8)
> I thought at one point it offered to encrypt your passwords, but
> then again it isn't a dialog I use a lot, so I have probably misremembered.

It does that when encryption is enabled. But just setting a Master Password without explicitly enabling encryption is useless.
I have the problem that I can set the pref to true, but since the PrefWindow still thinks wallet.crypto is set to false, it sets the pref back to false after a click on OK. Does anyone have an idea how I could tell the PrefWindow that something has changed?
(In reply to comment #10)
> But just setting a Master Password
> without explicitly enabling encryption is useless.

Please understand that the Master Password is not supposed to protect your passwords. Instead, it is used for encryption, such as a personal certificate. Now of course you can choose to encrypt your passwords, in which case you will be automatically required to set a Master Password, but the reverse is false.
OK, but our explanation text for the master password is very misleading: "Your Master Password protects sensitive information such as web passwords and certificates." When I read this text the first time, I would probably think that I only have to set a master password to protect my passwords. There's no hint that I also have to enable encryption in another prefpane. I still can't see any sense in setting the master password and disabling encryption, or does the master password have any other function except its use for encryption?
INVALID, as disabling encryption is not supported any more.