Clear Stored Data doesn't remove "Passwords Never Saved" data



Passwords & Permissions
18 years ago
13 years ago


(Reporter: sairuh (rarely reading bugmail), Assigned: Stephen P. Morse)


Windows NT

Firefox Tracking Flags

(Not tracked)




18 years ago
found while using branch/pr2/comm bits on winNT [2000.08.01.04-m17].

0. make sure you have password data that's been saved, as well as signon info
for which you had entered "Never for this Site." that way you can see data under
the tabs for "Passwords Saved" and "Passwords Never Saved" in the Stored
Passwords dialog.
1. select Tasks > s-p > Password Manager > Clear Stored Data.
2. click OK in the resulting dialog to clear the data.
3. verify by opening the Stored Passwords dialog.

results: there are no entries in the "Passwords Saved" tab (expected), but there
are still entries in the "Passwords Never Saved" tab.

i would expect that clearing the data will clear *both* saved password info, as
well as the sites for which you never want to save passwords. (after all, saved
form data is also removed via Clear Stored Data.) whether or not passwords are 
themselves saved, Clear Stored Data sounds broad enough to me to encompass
password, site and form info.

vera/matthew, what are your thoughts?

Comment 1

18 years ago
I'm wondering why `Clear Stored Data' is a menu item at all. Surely it's not 
going to be used nearly often enough to deserve a place in the menus. It should 
be a button in the Password Manager dialog instead.

Comment 2

18 years ago
I actually expected that this item removes only one's stored user names, 
passwords, and other sensitive information (from Form Manager). Maybe it should 
read, "Clear Saved Sensitive Information." 

Removing it from the menu and putting it in the dialog might be a good idea. 
Perhaps it *should* be less accessible -- because if a user choses this 
accidently, he or she could be in for a really hard time. (Particularly if he or 
she has a poor memory!)

Comment 3

18 years ago
matthew/verah, i've filed bug 47329 for requesting to get Clear Stored Data into
a dialog and off the menu... the issue here in this bug is that all the data i'd
expect is not removed. :-)

Comment 4

18 years ago
Wait -- let me explain why this should work as it currently does and not be 

First, the removing of stored password data could always have been done from the 
password-manager dialog by pressing the remove-all button.  So why then do we 
have this as a separate menu item and why does it remove password data as well 
as form data?

Simple.  Because if the user has his data encrypted and then forgets his master 
password, he is dead.  There is no way for him to remove the data and start 
over.  This is the purpose (and the only purpose) of the remove-data menu item.

So should it remove the stored sites as well.  No.  The user can always remove 
the sites by himself by going to the password-manager dialog.  It was the loss 
of master password to the encrypted data that was hurting him.  The stored sites 
are not encrypted.

As far as a user pressing it by accident, we already take care of that.  He is 
warned that all his data is about to be lost and is given a chance to cancel if 
he didn't mean to do that.

Closing this out as invalid.
Last Resolved: 18 years ago
Resolution: --- → INVALID

Comment 5

18 years ago
In that case, the wording should be narrowed to `Clear Stored Passwords', 
shouldn't it?

Comment 6

18 years ago
It's more than just passwords -- it's wallet data as well.  Anything that would 
be encrypted if encryption was turned on.  If you want to propose a wording 
change that would encompass that, feel free to do so.  Perhaps vera's proposal 
of "clear stored sensitive information".

Comment 7

18 years ago
how about "Clear Saved Data"?

Comment 8

18 years ago
We're calling what the Password Manager stores "sensitive information" in other 
places, and I'm hoping to stick with one term. We chose "sensitive information" 
because it makes the user think more about security and whether or not 
encryption should be turned on... etc.

Comment 9

18 years ago
I just changed the menu items so that they say "sensitive information" instead 
of "stored data".

Comment 10

18 years ago
vrfy... though i'd like to describe this in the documentation so that users
don't get confused.

blake et al., d'you think this feature is clear enough, or should a bug be filed
(where bug 48860 is dependent) for further UI clarification? (i understand that
such a change might occur post-rtm, but i thought i'd ask here before i forget.
Keywords: relnote3

Comment 11

18 years ago
> Simple.  Because if the user has his data encrypted and then forgets his master
> password, he is dead.  There is no way for him to remove the data and start
> over.  This is the purpose (and the only purpose) of the remove-data menu item.

That's still not a good reason to put this in the menu rather than the dialog. 
What should happen, in an ideal world, is this:
* I select `Tasks' > `Wallet' (which replaces the Forms Manager, the Password
  Manager, and the Security Manager)
* I get shown a dialog asking for my master password
* I don't know my master password, so I just click `Ok'
* I get presented with a Wallet window where no data is shown (because I didn't
  enter my password)
* I click the `Delete All ...' button
* I get shown an alert, warning me of what exactly will be deleted
* I click `Continue', and stuff gets deleted.

That whole forms/passwords submenu is so muddled that I've probably got one or 
two things wrong there, so I'm probably not the best person to file the bugs to 
make all that happen. (Blake? Sarah?)
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.