Closed Bug 390801 Opened 17 years ago Closed 15 years ago

Thunderbird "strangely" stores IMAP/POP/LDAP credentials in password manager

Categories

(Thunderbird :: Security, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird 3.0b2

People

(Reporter: damiano.albani, Unassigned)

References

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.8.1.3) Gecko/20070310 Iceweasel/2.0.0.3 (Debian-2.0.0.3-1)
Build Identifier: Thunderbird 2

When Thunderbird stores connection credentials for IMAP/POP servers into the password manager, the login is embedded in the nsIPassword.host property, e.g. :
         Host                  Username      Password
imap://login@domain.com        (empty)      <password>
mailbox://login@domain.com     (empty)      <password>

Is there any particular technical reason to this ?
I'm developing some kind of password management extension for Thunderbird and this behavior causes me some trouble.

The issue becomes more annoying with LDAP directories, as only the URI is stored in the host property, losing the "bind DN" information, which can be considered as the username in a way. So, as far as I understand it, it's not possible to have Thunderbird remember the passwords for 2 LDAP directories with the same URI but different bind DN, is it ?

On a side note, when you look at stored passwords in the "view saved passwords" window, there can be encoding issues at times, e.g. "firstname.surname" is displayed as "firstname%2Esurname". So I think username and password cells in the XUL tree should be passed through decodeURIComponent().
See <http://mxr.mozilla.org/mozilla1.8/source/mail/components/preferences/viewpasswords.js#205>

Reproducible: Always
This is currently being looked at as part of bug 239131. That bug may not fully resolve the LDAP problems. Marking as a dependency and we can revisit it once bug 239131 is fixed.
Status: UNCONFIRMED → NEW
Depends on: 239131
Ever confirmed: true
Assignee: dveditz → nobody
The display of these are now fixed with the landing of bug 239131. LDAP directories are a different issue that is already filed.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 3.0b2
You need to log in before you can comment on or make changes to this bug.