Closed
Bug 80652
Opened 23 years ago
Closed 9 years ago
FTP needs password authentication cache
Categories
(Core Graveyard :: Networking: FTP, enhancement, P2)
Core Graveyard
Networking: FTP
Tracking
(Not tracked)
RESOLVED
WONTFIX
Future
People
(Reporter: benc, Unassigned)
References
Details
(Keywords: helpwanted, topembed-)
STEPS: 1- Connect to any system that requires a username and password to ftp. When you are browsing, you only are chanllenged for a password once. (While working on another bug, I was using: ftp://<user>@frame.packetgram.com/export/home/docs/pktg/mozilla/bugzilla/70375/) 2- When you actually try to get a file from that window, EVERY file transfer, even the same file twice, results in an auth challenge.
Comment 2•23 years ago
|
||
adding myself to Cc. Seeing this on the may 17 builds. Is this going to get fixed for the .91 beta? If not it should be release noted indefinitely.
Comment 3•23 years ago
|
||
mass setting milestone. if this is something you believe is more urgent then the milestone that I just sent, please send me mail.
Target Milestone: --- → mozilla0.9.3
Updated•23 years ago
|
Priority: -- → P2
Comment 4•23 years ago
|
||
Currently every control connection which gets establish will ask for a username/password. Changing this would require some notion of page lifespan so that the auth cache can be cleared on a page trasistion (disconnect). The potential problem that I see is this. Imagine that you are connected to ftp://foo with your username and password. For whatever reason, you want to log in as anonymous or a different user. How would you flush that auth cache to do this? I would guess that when you leave the page, a notification would come back in notifing the protocol handler so that it can flush the auth cache. Moving milestone out.
Target Milestone: mozilla0.9.3 → mozilla1.0
That's a problem with all auth. The workaround is to use a URL w/ the username+password in it.
Updated•23 years ago
|
OS: other → All
Hardware: PC → All
Updated•23 years ago
|
Target Milestone: mozilla1.0 → mozilla0.9.4
I haven't looked at how directory behaved, maybe this is html only. Since this is HTML view, the HTML links have a specific state (ftp://<username>@hostname/path), that has no password. This may just be the way it should work. If we aren't investing in HTML, if we are going back to make the directory style view work, then this might not be worth fixing.
Comment 9•23 years ago
|
||
-> 1.0. ftp needs an auth cache like http uses. The interesting question is why is another control connection being created?
Target Milestone: mozilla0.9.5 → mozilla1.0
Comment 10•23 years ago
|
||
changed summary to enhancement - this behavior does not really block any usage b/c there is a workaround (HTTP is the opposite b/c http: URLS don't support user:password syntax, so you cannot clear your auth w/o restarting).
Severity: normal → enhancement
Summary: ftp: auth not persistent w/ file transfers → [RFE] FTP - auth cache
Comment 11•23 years ago
|
||
RELNOTE: FTP does not cache your passwords. If you use passwords, you will need to authenticate for every file transfer.
Keywords: relnote
Comment 13•23 years ago
|
||
benc: HTTP urls can contain username:password.
Comment 14•23 years ago
|
||
Was it added after RFC 1738?
Comment 15•23 years ago
|
||
benc: The RFC is not always right, especially the uri related onces :) But yes, probably.
Comment 16•23 years ago
|
||
->future, +helpwanted
Keywords: helpwanted
Target Milestone: mozilla1.0 → Future
Comment 17•22 years ago
|
||
*** Bug 135842 has been marked as a duplicate of this bug. ***
Comment 18•22 years ago
|
||
*** Bug 132124 has been marked as a duplicate of this bug. ***
Comment 19•22 years ago
|
||
*** Bug 135842 has been marked as a duplicate of this bug. ***
Comment 20•22 years ago
|
||
+nsbeta - This make life in non-anonymous servers really miserable.
Keywords: nsbeta1
Comment 21•22 years ago
|
||
*** Bug 149112 has been marked as a duplicate of this bug. ***
Comment 22•22 years ago
|
||
I have no time to work on mozilla at the moment, so dougt is taking over FTP open ftp bugs -> him
Assignee: bbaetz → dougt
Comment 23•21 years ago
|
||
*** Bug 200947 has been marked as a duplicate of this bug. ***
Comment 24•21 years ago
|
||
This bug appears in BuildID: 2003040304 Rather annoying..
Comment 25•21 years ago
|
||
I spent a lot of time yesterday trying to get servers to work well with Composer's Publish feature. Unlike Netscape Enterprise Server, it seems that getting HTTP PUT working on Apache is non-trivial. Another reason this is more likely is that more users probably work in file spaces that do NOT have anonymous access than I originally thought. I had forgotten how time consuming configuring anonymous correctly can be, and on my new server, I have user-access only. This means that many people in my situation would use the path of least resistance, and use FTP to publish files to subtree that has access control. In this environment, you have to embed your username into the ftp URL, or you get an anonymous failure, which does not throw a auth prompt (bug 124561). So, in this situation, you keep getting asked for a password again and again. If you use password manager, then the dialogs do not appear, but you have been forced into putting your auth state into the profile. That is probably over-kill, I think most people would want to be able to authenticate once, just for the entire session, no more, no less.
Keywords: topembed
Comment 26•21 years ago
|
||
topembed-, not blocking embeddors right now
Comment 28•19 years ago
|
||
*** Bug 288318 has been marked as a duplicate of this bug. ***
Comment 29•19 years ago
|
||
> So, in this situation, you keep getting asked for a password again
> and again. If you use password manager, then the dialogs do not
> appear, but you have been forced into putting your auth state into
> the profile.
Why can't the FTP password just be managed like a HTTP Basic
Authentication password (in the browser instance)?
Comment 30•19 years ago
|
||
It could be, but FTP doesn't have a convenient way to access the HTTP authentication cache. Indeed, it probably makes sense to factor the HTTP authentication cache out into a generic authentication cache for use by any networking protocol. It should not be that hard to do that. It just takes some time. Are you volunteering? ;-)
Comment 31•19 years ago
|
||
*** Bug 288318 has been marked as a duplicate of this bug. ***
Comment 34•9 years ago
|
||
enhancements to ftp belong to addons these days
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Updated•2 months ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•