Password and Form Routines Should Be Separated

RESOLVED WONTFIX

Status

()

Toolkit
Password Manager
--
enhancement
RESOLVED WONTFIX
11 years ago
9 years ago

People

(Reporter: Robert Chapin, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2

From Bug #360493, in reviewing the nsPasswordManager module I came to the conclusion that weeding out the Form routines would be an ideal goal in any future re-design of this feature.

Many of the practical and theoretical concerns in 360493 were caused or exacerbated by the integrated forms-and-passwords design.

To take this idea to the extreme:

1.  Create two, logically separate modules for Form Management and Password Management.

2.  Allow the Form Management module to unlock passwords only by calling on a Password Management function.

3.  Require the Form Management module to include in its function call all of the necessary data needed to validate an authentication request.

4.  Require the Password Management module to hand-off validated credential requests directly to the transmission function, so that the Form Management module is never in possession of saved credentials.  (Note: This is an idealistic feature that would exclude scripting of saved credentials.)

5.  Eliminate all Form-related routines from the Password Management module.

Reproducible: Always
(Reporter)

Updated

11 years ago
Blocks: 373140
This really just doesn't make sense to me. The Password Manager needs to do things with forms that Satchel (the form manager) does not. The approach described just sounds like shifting code from one place to another, and introducing needlessly complex intra-module communication.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

9 years ago
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.