Closed Bug 568029 Opened 14 years ago Closed 10 years ago

Session Restore should encrypt and save SSL form data if you have a Master Password

Categories

(Firefox :: Session Restore, enhancement)

Product:
Firefox
Component:
Session Restore
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: jasonspiro4, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009032803 Iceweasel/3.0.6 (Debian-3.0.6-1)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009032803 Iceweasel/3.0.6 (Debian-3.0.6-1)

If you have a Master Password and you enter it on request, Firefox should always save and restore session state for SSL pages.

Reproducible: Always
Do you mean that SSL content should be saved in the cache ? That already happens in Firefox 3.6 - please upgrade if you can. You're running an old version (I known ... it came with your Debian). And it's not an official version either, this bug report should be filed with Debian itself, not with Mozilla.

Note: the Master Password doesn't protect your profile, it's not used for such a purpose - it only protects the passwords.
(In reply to comment #1)
> Do you mean that SSL content should be saved in the cache ?

Pretty sure he meant form data.

Hmm, so I'm not sure I agree here. SSL is not intrinsically tied to the Master Password, so I don't think there's a reason to tie the saving of data to the Master Password. Nothing in session restore is being encrypted at save as is, so the master password wouldn't be giving any additional encryption. So I'm thinking WONTFIX here.

If you want session restore to save form data from SSL pages, you can set the browser.sessionstore.privacy_level pref to 0.
(In reply to comment #2)
> Pretty sure he meant form data.

Yes, I meant form data.

> Hmm, so I'm not sure I agree here. SSL is not intrinsically tied to the Master
> Password, so I don't think there's a reason to tie the saving of data to the
> Master Password. Nothing in session restore is being encrypted at save as is,
> so the master password wouldn't be giving any additional encryption. [...]

Ah:  I didn't know.  Well, please encrypt the SSL form data, then save it.  :)

I'm changing the bug summary to reflect my updated request.
Summary: Fx should always save session state for SSL pages if you have a Master Password → Session Restore should encrypt and save SSL form data if you have a Master Password
Master password is ONLY designed to protect passwords, not data.  Your alternative is comment 2, but this does not protect your data - you must rely on you PC's security to protect your data.

per comment 2 this request would not be granted.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.