404361 - username & password used for connections via ftp:// are stored in history

Status: RESOLVED DUPLICATE of bug 130327

(Firefox :: Bookmarks & History, enhancement)

Description

[Christoph Voigt]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9

While there's an option to protect stored passwords in ffox it's still possible to see the cleartext username & password for an ftp connection when the user opens it by using the URI syntax ftp://user:pass@site.tld
The complete URI, including user & pass gets stored in the history which could pose a possible security risc. it's also copied to the clipboard when you select the history-item and use the "copy link location" function.

Additionally, user & pass get stored automatically, the user is not asked if he actually wants to store this sensitive information.

Reproducible: Always

Steps to Reproduce:
1. open ftp://user:pass@site.tld
2. open history and use "copy link location" function (context menu) OR type ftp://user into the adressbar and wait for autocompletion


Expected Results:  
1. when ftp connection is established by using the ftp://user:pass@site.tld syntax, password manager should jump in and ask if the user wants to save those credentials
2. completely strip username & password from browser history!

I marked this one a security issue as I dont want to outrule the possibility of someone beeing clever and get some sort of hack out in the wild that parses the users history for ftp:// strings. If you don't share my view on this matter, feel free to remove the security flag.
This is marked as an enhancement request due to the character of the problem. It's not really a bug in FF, it's something that could be improved.