Closed Bug 372866 Opened 18 years ago Closed 18 years ago

Camino captures passwords from Safari

Categories

(Camino Graveyard :: OS Integration, defect)

Product:
Camino Graveyard
Component:
OS Integration
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Camino1.5

People

(Reporter: panther72, Assigned: stuart.morgan+bugzilla)

Details

(Keywords: fixed1.8.1.4)

Attachments

(1 file, 1 obsolete file)

v2
12.20 KB, patch
jaas
: review+
mikepinkerton
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en; rv:1.8.1.2pre) Gecko/20070223 Camino/1.1b Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en; rv:1.8.1.2pre) Gecko/20070223 Camino/1.1b When using Camino 1.1beta and allowing it to use stored passwords of Safari from within my keychain Safari is no longer able to use these passwords. I have to reenter these and there will be duplicate entries in my keychain. Reproducible: Always Steps to Reproduce: 1. please see Details 2. 3. Actual Results: Safari is no longer able to use these passwords. I have to reenter these and there will be duplicate entries in my keychain. Expected Results: Safari should be able to stille use these passwords.
Assignee: dveditz → nobody
I definitely see this; ouch. I assume that it's objecting to our odd use of security domain on web passwords, since that's the only thing I can think of that we change on items we don't make. Obviously I need to fix this for 1.1, either by finding a new way to do the domain thing, or just not enforcing it on any Safari-created password (and accepting that Safari won't use our passwords as a result). Thanks for reporting this.
Assignee: nobody → stuart.morgan
Status: UNCONFIRMED → NEW
Component: Security → OS Integration
Ever confirmed: true
Target Milestone: --- → Camino1.1
Flags: camino1.1?
QA Contact: camino → os.integration
Attached patch fix (obsolete) — Splinter Review
This switches us to a parallel store of action hosts. It's not ideal, but putting it in the comment (or breaking Safari compatibility) seemed worse. This will fix any items we messed with before as they are used, rendering them readable by Safari again.
Attachment #257633 - Flags: review?(joshmoz)
Attached patch v2Splinter Review
Forgot to fix up the reset browser functionality to handle the new list.
Attachment #257633 - Attachment is obsolete: true
Attachment #257634 - Flags: review?(joshmoz)
Attachment #257633 - Flags: review?(joshmoz)
Keychain still lists both Safari and Camino for the affected passwords under the tab "Access Control". I'm not a developer, but could it be, that a bug in Keychain is the problem? Normally Keychain should be able to handle access to passwords for more than one application.
No, it's definitely not a Keychain bug.
Comment on attachment 257634 [details] [diff] [review] v2 r+ with comments from IRC
Attachment #257634 - Flags: review?(joshmoz) → review+
Comment on attachment 257634 [details] [diff] [review] v2 Josh wanted me to be clearer about specifically what code could be removed later in my TODO comments; I'll just fix on checkin if there's nothing else needing changes.
Attachment #257634 - Flags: superreview?(mikepinkerton)
Comment on attachment 257634 [details] [diff] [review] v2 sr=pink
Attachment #257634 - Flags: superreview?(mikepinkerton) → superreview+
Landed on trunk and MOZILLA_1_8_BRANCH. Just to be clear, the expected behavior now is that not only will we not steal any more passwords from Safari, but once you use a password in Camino that we stole from Safari it should be readable by Safari again.
Status: NEW → RESOLVED
Closed: 18 years ago
Keywords: fixed1.8.1.4
Resolution: --- → FIXED
Flags: camino1.1?
Flags: camino1.1+
Flags: camino1.0.5?
Clearing nomination; 1.8.0 fix will be in bug 379438.
Flags: camino1.0.5?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: