Closed
Bug 39610
Opened 24 years ago
Closed 24 years ago
Bad http authentications not being deleted
Categories
(Core :: Networking, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: morse, Assigned: gagan)
References
()
Details
(Whiteboard: [nsbeta2+])
Attachments
(2 files)
3.72 KB,
patch
|
Details | Diff | Splinter Review | |
1.64 KB,
patch
|
Details | Diff | Splinter Review |
Go to a page requiring ftp authentication. Authentication dialog appears Enter an invalid password and check the save-password box Press OK Hangs on page load Exit and reenter browser, return to same page No authentication dialog is presented. Hangs on page load There are two problems here. First, the ftp code should be reporting an error to the user which it never does but I presume that is covered in some other bug report -- it is not the topic of this report. Second the ftp code should be informing the single-signon code to remove the bad login from the set of saved signons and it doesn't do that. The second item is the topic of this report. That second problem is very bad because as long as single signon has a saved password for this site, it never prompts the user again for a password in any return visits. The same problems will occur for http authentication but it's not as severe -- in that case, when the page is revisited the authentication dialog indeed pops up but is prefilled with the original bogus values. Those values would have been removed from the set of saved passwords had the http authentication code alerted the singon module that the values were bad. This is a regression. Such notification of bad values were being made by the ftp and http authentication modules at one time but were lost. That happened when ftp and http suddenly stopped using single signon (bug 34725 and 34720) and the fix of those bugs did not restore the notification.
Reporter | ||
Updated•24 years ago
|
Whiteboard: nsbeta2
Comment 1•24 years ago
|
||
I don't think ftp or http ever had any code to remove bad passwords after authentication failure. What's the SI API for this?
Comment 2•24 years ago
|
||
ftp never had delete bad auth code.
Reporter | ||
Comment 3•24 years ago
|
||
Both ftp and http authentication had such calls. The API is void SI_RemoveUser(in string key, in wstring userName);
Comment 4•24 years ago
|
||
I don't think they ever did, but we need to add them. Gagan, can you handle this now?
Assignee: warren → gagan
Comment 6•24 years ago
|
||
this is actually painful for ftp. If we include the user as part of the cached connection key, then we have to somehow cat the username (not sure where we could get it from) into URL's requested from the webshell/xul. How's this done in HTTP? If I login into a domain, then I request another URL from that domain, does HTTP assume I'm accessing the 2nd url as the user that auth'd to the first one?
Reporter | ||
Comment 7•24 years ago
|
||
Sorry, I previously put the nsbeta2 nomination on the summary line instead of the keyword line. No wonder it was never getting reviewed by PDT.
Keywords: nsbeta2
Whiteboard: nsbeta2
Comment 9•24 years ago
|
||
attatching proposed patch. steve can you please try this one out?
Assignee: gagan → valeski
Comment 10•24 years ago
|
||
Reporter | ||
Comment 11•24 years ago
|
||
I tried out the patch and it works fine. You can check it in with r=morse.
Comment 12•24 years ago
|
||
outtaa here!
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 13•24 years ago
|
||
Slow down!!!!!!! This bug report covers both ftp and http. You only fixed the problem for ftp as far as I know.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 14•24 years ago
|
||
changing summary and over to gagan.
Assignee: valeski → gagan
Status: REOPENED → NEW
Summary: Bad ftp authentications not being deleted, hangs on all future loads → Bad http authentications not being deleted
Assignee | ||
Comment 15•24 years ago
|
||
Reporter | ||
Comment 16•24 years ago
|
||
Looks good to me. r=morse
Assignee | ||
Comment 17•24 years ago
|
||
HTTP fix checked in.
Status: NEW → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•