373154 - Password and Form Routines Should Be Separated

Status: RESOLVED WONTFIX

(Toolkit :: Password Manager, enhancement)

Description

[Robert Chapin]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2

From Bug #360493, in reviewing the nsPasswordManager module I came to the conclusion that weeding out the Form routines would be an ideal goal in any future re-design of this feature.

Many of the practical and theoretical concerns in 360493 were caused or exacerbated by the integrated forms-and-passwords design.

To take this idea to the extreme:

1.  Create two, logically separate modules for Form Management and Password Management.

2.  Allow the Form Management module to unlock passwords only by calling on a Password Management function.

3.  Require the Form Management module to include in its function call all of the necessary data needed to validate an authentication request.

4.  Require the Password Management module to hand-off validated credential requests directly to the transmission function, so that the Form Management module is never in possession of saved credentials.  (Note: This is an idealistic feature that would exclude scripting of saved credentials.)

5.  Eliminate all Form-related routines from the Password Management module.

Reproducible: Always

Comment 1

[Justin Dolske [:Dolske]]

This really just doesn't make sense to me. The Password Manager needs to do things with forms that Satchel (the form manager) does not. The approach described just sounds like shifting code from one place to another, and introducing needlessly complex intra-module communication.