Open Bug 664574 Opened 13 years ago Updated 12 years ago

Capability to Select Multiple Domains in Data Manager

Categories

(SeaMonkey :: Passwords & Permissions, enhancement)

Product:
SeaMonkey
Component:
Passwords & Permissions
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: david, Unassigned)

References

(Blocks 1 open bug)

Details

Rather than restricting users to view data for only one domain at a time, SeaMonkey should allow users to select multiple domains.  

With SeaMonkey 2.0.14, I would sometimes review my saved cookies for pending expirations.  I started with the first cookie in the Cookie Manager window and used the down-arrow key, concentrating on the display of the Expires data.  

With SeaMonkey 2.1, I must select a domain (left pane), review its cookies (right pane), select another domain (left pane), review its cookies (right pane), etc (annoying pain :) ).  This requires frequent mouse actions that prevent continuous use of a down-arrow key.  This becomes most bothersome when I have many domains with cookies but each domain has only one or two cookies.  

Newsgroup messages posted by others at mozilla.support.seamonkey have noted the equivalent problem with viewing login passwords via Data Manager.  If a user has a master password, it is indeed appropriate to require the entry of the master password to see what domains have login passwords; this requirement is met if the master password has been entered at any time during the current browser session.  It is also appropriate to require the entry of the master password to expose login passwords; this protects the login passwords of a user who temporarily leaves his or her computer and forgets that the master password has been entered.  For reviewing login passwords for several domains, however, the current design of Data Manager requires entering the master password again when the user selects another domain.  

Note that viewing the login passwords for all domains all at once is not a security vulnerability.  Entering the master password would still be required to expose the actual login passwords.  As soon as someone has your master password, viewing login passwords all at once is no more a vulnerability than viewing them one at a time.  Instead, the vulnerability is in the compromise of the master password.  

A capability that allows users to select multiple domains from the left pane of the Data Manager window (which would then allow users to select all domains) would resolve both issues: cookies and passwords.  Such a capability might also be useful to those who wish to view permissions and preferences in Data Manager.  

Implementation might involve allowing the user to select one domain in the Domain list (left pane) and then hold down the Ctrl key while selecting other domains or hold down the Shift key while selecting the last of a contiguous set of domains.  At each step, the right pane would refresh according to what domains have been selected.  A similar implementation could be done for platforms whose keyboards lack a Ctrl key.
This is rather hard to implement but it a possibility to do. No priority of any kind to me, though, at the moment, there are a few Data Manager bugs/RFEs I have higher on the list right now.
Depends on: DataManager
I wonder how the new Firefox Permissions Manager manages to do that?
(In reply to comment #2)
> I wonder how the new Firefox Permissions Manager manages to do that?

It doesn't manage data at all, as far as I know, but just a few permissions.
Blocks: 670681
I voted this bug as important some time ago, but I never commented.
The reason I thought this was important is because I consider important to track if I ever use the same password on more than one site.
For example, even though I mostly use different passwords for different sites, sometimes it is possible that I may have reused the same password for 2 sites.
Remember what happened with lulzsec a couple of  months ago? The first thing anybody has to do is change any compromised password if it has been reused on any other site, but when somebody has passwords on more the 300 sites, how could that person be completely sure which sites require a password change if it is impossible to see them all and sort them? It is very simple to do that on version 2.0.x
A work-around has been incorporated into a PrefBar button available at <http://prefbar.tuxfamily.org/buttons.html#permissionsmenu>.  This works for popups, images, cookies, and installation permissions but not for passwords.  

For passwords, see the Password Exporter extension at <https://addons.mozilla.org/en-US/seamonkey/addon/password-exporter/>, which adds a button to the Import/Export Passwords dialogue popup reached from the SeaMonkey menu bar via [Edit > Preferences > Privacy & Security > Passwords].  

The PrefBar extension itself can be found at <https://addons.mozilla.org/en-US/seamonkey/addon/prefbar/> for SeaMonkey.  

However, I still believe that the use of extensions merely provides a temporary work-around.  Extensions do not eliminate the need for this RFE.
I'd also like to note that at least for cookies, working with multiple domains at once used to work just fine in pre-Data Manager versions of Seamonkey:  you could tag a whole bunch of cookies, hit Delete, and *poof* they're gone.  Now you can't do this; if you want to clean up the mess of cookies that Seamonkey stores since it now keeps expired cookies nearly forever (bugs 691973 and 576347 and possibly others), you'll be at it all day since you have to do it one domain at a time (and the issue mentioned in bug 667459 makes it even slower).
You need to log in before you can comment on or make changes to this bug.