Closed Bug 575238 Opened 14 years ago Closed 14 years ago

With custom authentication backend, passphrase default to "foo"

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 570180

People

(Reporter: znarfor, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4

I'm using a customized Weave Server, with no code modification, just a custom authentication backend. Basically, the context is explained here: http://ladistribution.net/blog/2010/06/firefox-sync-now-available/

Because my user account is already existing, i don't choose the option "I’ve never used Sync before" but "I’m already using Sync on another computer" even if it's my first synchronization.

By following these steps, the synchronization works perfectly, but the Firefox UI doesn't ask me a passphrase. If I look later in the password manager (chrome://weave) the passphrase value is "foo".

For obvious security reasons, the UI should ask me a passphrase OR maybe use a randomly generated one, but should never use the passphrase "foo".

Reproducible: Always

Steps to Reproduce:
1. Use a custom Weave server with a custom authentication backend and user account already existing
2. Initialize the Firefox Sync extension with good parameters
Actual Results:  
no passphrase asked. passphrase default to "foo".

Expected Results:  
passphrase asked.
This is already fixed. Fix will be in 1.4.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Component: Firefox Sync: Backend → Sync
Product: Cloud Services → Firefox
You need to log in before you can comment on or make changes to this bug.