Closed Bug 379997 Opened 18 years ago Closed 18 years ago

Logins should not be deleted if authentication fails

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla1.9alpha5

People

(Reporter: Dolske, Assigned: Dolske)

References

Details

(Keywords: dataloss)

Attachments

(1 file, 1 obsolete file)

DO NOT WANT 18 years ago Justin Dolske [:Dolske] 6.90 KB, patch		Details \| Diff \| Splinter Review
DO NOT WANT 18 years ago Justin Dolske [:Dolske] 6.86 KB, patch	Biesinger : review+ Biesinger : superreview+	Details \| Diff \| Splinter Review

Justin Dolske [:Dolske]

Assignee

Description

•

18 years ago

The code in question in calling pwmgr's RemoveUser in two places, when an authentication attempt fails... ClearPasswordManagerEntry() around http://mxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpChannel.cpp#4637 and nsFtpState::R_pass() around http://mxr.mozilla.org/seamonkey/source/netwerk/protocol/ftp/src/nsFtpConnectionThread.cpp#817 This might seem to make sense at first glance (why store a password we know doesn't work), but it's wrong. It's not uncommon for servers to have glitches that cause valid logins to fail. For example, a front-end server being unable to contact some back-end authentication server.

Christian :Biesinger (don't email me, ping me on IRC)

Comment 1

•

18 years ago

for reference, the http version was added in bug 91968

:Gavin Sharp [email: gavin@gavinsharp.com]

Comment 2

•

18 years ago

And FTP in bug 114118.

Justin Dolske [:Dolske]

Assignee

Comment 3

•

18 years ago

Attached patch DO NOT WANT (obsolete) — Details — Splinter Review

Removes the code in question.

Attachment #264640 - Flags: review?(gavin.sharp)

Justin Dolske [:Dolske]

Assignee

Comment 4

•

18 years ago

Attached patch DO NOT WANT — Details — Splinter Review

Oops, forgot to edit one line.

Attachment #264640 - Attachment is obsolete: true

Attachment #264641 - Flags: review?(gavin.sharp)

Attachment #264640 - Flags: review?(gavin.sharp)

:Gavin Sharp [email: gavin@gavinsharp.com]

Comment 5

•

18 years ago

You should request review from a netwerk peer, like biesi.

Component: Password Manager → Networking

Product: Firefox → Core

QA Contact: password.manager → networking

Target Milestone: Firefox 3 alpha5 → ---

:Gavin Sharp [email: gavin@gavinsharp.com]

Updated

•

18 years ago

Target Milestone: --- → mozilla1.9alpha5

Justin Dolske [:Dolske]

Assignee

Updated

•

18 years ago

Attachment #264641 - Flags: review?(gavin.sharp) → review?(cbiesinger)

Christian :Biesinger (don't email me, ping me on IRC)

Updated

•

18 years ago

Attachment #264641 - Flags: review?(cbiesinger) → review+

Christian :Biesinger (don't email me, ping me on IRC)

Updated

•

18 years ago

Attachment #264641 - Flags: superreview+

:Gavin Sharp [email: gavin@gavinsharp.com]

Comment 6

•

18 years ago

mozilla/netwerk/protocol/ftp/src/nsFtpConnectionThread.cpp 1.311 mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp 1.309 mozilla/netwerk/protocol/http/src/nsHttpChannel.h 1.90

Status: NEW → RESOLVED

Closed: 18 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Logins should not be deleted if authentication fails

Categories

(Core :: Networking, defect)

Tracking

()

People

(Reporter: Dolske, Assigned: Dolske)

References

Details

(Keywords: dataloss)

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Updated

Updated

Updated

Updated

Comment 6

Attachment

General

Description

File Name

Content Type