Closed Bug 442020 Opened 17 years ago Closed 17 years ago

Warn if submitting password to non-ssl site.

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: jergendutch, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9) Gecko/2008052912 Firefox/3.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9) Gecko/2008052912 Firefox/3.0 Often sites will use a form action on a non-ssl page which points TO an ssl page. It would be helpful if firefox could warn me if I was submitting a form containing a password field to a non-ssl page. Reproducible: Always Steps to Reproduce: 1. 2. 3.
> Often sites will use a form action on a non-ssl page which points TO an ssl page. This setup is no more secure than using non-ssl throughout. See http://www.squarefree.com/2005/05/28/banks-and-https/. I suppose Firefox could have an option to warn whenever you enter a password on a non-SSL page, but I imagine this would get annoying fast. It wouldn't help you during an attack, but it might help you avoid sites that don't use https properly for logins (if that's your goal), such as the site you described in comment 0.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.