Closed Bug 52616 Opened 24 years ago Closed 23 years ago

Distinguish between basic authentication and proxy auth. dialogs

Categories

(Core :: Networking: HTTP, enhancement, P3)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement

Tracking

()

Status:
VERIFIED DUPLICATE of bug 60588
Milestone:
Future

People

(Reporter: Matt.Behrens, Assigned: darin.moz)

References

Details

(Keywords: arch)

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; m18) Gecko/20000913 BuildID: 2000091317 Currently authentication dialogs for proxy servers and for authenticating to web sites are identical. This might be a potential security risk, since a user may enter his proxy server username/password in response to an auth request from a web site. Admittedly this may be a social problem rather than a real, live security issue but I see it as valid. Communicator 4.7 (at least, probably more) properly stated in its dialog that it wanted proxy credentials when it was given a proxy authentication request. IE (or at least the version I have handy) currently does *not* do this, though they should.
Blocks: 38008
Status: UNCONFIRMED → NEW
Ever confirmed: true
Adam I am hoping this is another bug similar to 50682...
Assignee: hangas → adamlock
Yes I think it is. I'm marking it a duplicate. *** This bug has been marked as a duplicate of 50682 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
No, this is not related to bug 50682. A much closer cousin is bug 38008. Let me try to clarify: In NC4, you get password dialogs when HTTP calls for it. If a password is required for proxy access, the dialog looks like this: [ Username and Password Required [X] ] Proxy authentication required for www.example.com at proxyhost:80: User Name: [ ] Password: [ ] [ OK ] [ Cancel ] |___________________________________________________| However, if the password is required for Basic authentication on a site realm, the dialog looks like this: [ Username and Password Required [X] ] Enter username for Basic Authentication Realm at www.example.com: User Name: [ ] Password: [ ] [ OK ] [ Cancel ] |___________________________________________________| By contrast, Mozilla (or did, I have not tried recent builds, too busy) currently shows a dialog that does not allow the user to distinguish whether he is issuing a username and password for a proxy server or for a site realm. This could result in a user inadvertently issuing his proxy username and password to a remote site, which could result in local server compromise.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Assignee: adamlock → gagan
Status: REOPENED → NEW
Component: User Interface: Design Feedback → Networking
OS: Windows NT → All
QA Contact: mpt → tever
Hardware: PC → All
Summary: proxy server auth dialog should say what it is → Distinguish between basic authentication and proxy auth. dialogs
Ah, I see. Not Adam's bug then. -->Networking. Ideally we want different titles (`Authentication required' vs. `Proxy authentication required'), different labels for the server name (`Server:' vs. `Proxy:'), and maybe even different icons too.
One additional factor is that you should really only need to log into a proxy server once, not for each domain you are browsing to. Right now if you look at another domain it seems to want to re-authenticate to the proxy.
Thats only becuz of another bug 32335 which should be landing in soon... to darin and setting to future.
Assignee: gagan → darin
Target Milestone: --- → Future
Status: NEW → ASSIGNED
Ok, this bug cannot be fixed without an API change. See bugs 59609 and 46859 for a related discussion.
added keyword arch.
Keywords: arch
Component: Networking → Networking: HTTP
Blocks: 61691
This was fixed in bug 60588. *** This bug has been marked as a duplicate of 60588 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago23 years ago
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
QA Contact: tever → junruh
You need to log in before you can comment on or make changes to this bug.