Session Restore should encrypt and save SSL form data if you have a Master Password

RESOLVED WONTFIX

Status

()

Firefox
Session Restore
--
enhancement
RESOLVED WONTFIX
8 years ago
4 years ago

People

(Reporter: Jason Spiro, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009032803 Iceweasel/3.0.6 (Debian-3.0.6-1)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009032803 Iceweasel/3.0.6 (Debian-3.0.6-1)

If you have a Master Password and you enter it on request, Firefox should always save and restore session state for SSL pages.

Reproducible: Always

Comment 1

8 years ago
Do you mean that SSL content should be saved in the cache ? That already happens in Firefox 3.6 - please upgrade if you can. You're running an old version (I known ... it came with your Debian). And it's not an official version either, this bug report should be filed with Debian itself, not with Mozilla.

Note: the Master Password doesn't protect your profile, it's not used for such a purpose - it only protects the passwords.
(In reply to comment #1)
> Do you mean that SSL content should be saved in the cache ?

Pretty sure he meant form data.

Hmm, so I'm not sure I agree here. SSL is not intrinsically tied to the Master Password, so I don't think there's a reason to tie the saving of data to the Master Password. Nothing in session restore is being encrypted at save as is, so the master password wouldn't be giving any additional encryption. So I'm thinking WONTFIX here.

If you want session restore to save form data from SSL pages, you can set the browser.sessionstore.privacy_level pref to 0.
(Reporter)

Comment 3

8 years ago
(In reply to comment #2)
> Pretty sure he meant form data.

Yes, I meant form data.

> Hmm, so I'm not sure I agree here. SSL is not intrinsically tied to the Master
> Password, so I don't think there's a reason to tie the saving of data to the
> Master Password. Nothing in session restore is being encrypted at save as is,
> so the master password wouldn't be giving any additional encryption. [...]

Ah:  I didn't know.  Well, please encrypt the SSL form data, then save it.  :)

I'm changing the bug summary to reflect my updated request.
Summary: Fx should always save session state for SSL pages if you have a Master Password → Session Restore should encrypt and save SSL form data if you have a Master Password

Comment 4

4 years ago
Master password is ONLY designed to protect passwords, not data.  Your alternative is comment 2, but this does not protect your data - you must rely on you PC's security to protect your data.

per comment 2 this request would not be granted.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.