Closed Bug 449701 Opened 17 years ago Closed 17 years ago

legacy storage module shouldn't share login objects across XPCOM

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.1a2

People

(Reporter: Dolske, Assigned: Dolske)

References

Details

Attachments

(1 file, 2 obsolete files)

Patch v.3
11.01 KB, patch
Gavin
: review+
Details | Diff | Splinter Review
Attached patch Patch v.1 (obsolete) — Splinter Review
This came up briefly during the original review for login manager, but I think it should be revisited. The original concern was around if the overhead of creating clone objects was worth the risk of keeping decrypted strings around. Since GC make it difficult to prevent data from floating around in memory anyway, we decided to punt. Still, I think it would be good to at least make a fair effort at not persisting this data for too long. Additionally, this would have prevented misleading test bug, which would have caught bug 449698.
Attached patch Patch v.2 (obsolete) — Splinter Review
Added explicit tests for this condition. Build on top of the changes for bug 449698, so there's a bit of extra diffs here. :(
Attachment #332871 - Attachment is obsolete: true
Attachment #333044 - Flags: review?(gavin.sharp)
Depends on: 449698
Target Milestone: --- → mozilla1.9.1a2
Attached patch Patch v.3Splinter Review
Cleaned up patch, now that dependent bug landed.
Attachment #333044 - Attachment is obsolete: true
Attachment #333305 - Flags: review?(gavin.sharp)
Attachment #333044 - Flags: review?(gavin.sharp)
Comment on attachment 333305 [details] [diff] [review] Patch v.3 >diff --git a/toolkit/components/passwordmgr/src/storage-Legacy.js b/toolkit/components/passwordmgr/src/storage-Legacy.js > // If decryption failed (corrupt entry?) skip it. > // Note that we allow password-only logins, so username con be "". s/con/can/ s/username/decryptedUsername/ I wonder whether it would be worth adding a clone() on nsILoginInfo. Might be nice to have this code use the memoizing getter format that we're using elsewhere at some point (e.g. http://hg.mozilla.org/mozilla-central/index.cgi/annotate/a2837ff832c9/browser/base/content/browser.js#l126 ).
Attachment #333305 - Flags: review?(gavin.sharp) → review+
Fixed nits, pushed changeset bfed06cd8ad7.
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: