Closed
Bug 88771
Opened 24 years ago
Closed 14 years ago
URL bar menu (autocomplete) should hide URL passwords
Categories
(SeaMonkey :: Location Bar, defect)
SeaMonkey
Location Bar
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 146289
People
(Reporter: netdragon, Unassigned)
References
Details
(Keywords: helpwanted, privacy)
Basically if you do this:
http://name:password@www.yahoo.com
or
ftp://name:password@ftp.rpi.edu
it would be nice to put * - stars in place of the password in the url dropdown.
It would be especially good for universities where many people share the same
computer.
|
||
Comment 1•24 years ago
|
||
I would like to see the password removed immediately from all entered URLs
(although that would require the password to be saved somewhere else).
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 2•24 years ago
|
||
I think this should be a preference because I personally like the way it works now.
|
||
Comment 3•24 years ago
|
||
What is our current behavior WRT passwords in URLs? Should we be stripping them
out immediately after the initial load and not saving them in history, etc? Or
should we just star them out as Brian suggests?
Assignee: mstoltz → neeti
Component: Security: General → Networking
QA Contact: ckritzer → benc
|
Reporter | |
Comment 4•24 years ago
|
||
I wouldn't like it if the user:password was removed from the url line when
placed in it. Currently, the user:password is left on the line. It would also be
confusing WRT to the dropdown box if it was stripped. You wouldn't know if it
was already set to login. Although, it might be bad security to even put it in
the dropdown box. Maybe the password should be totally left out when placed in
the dropdown box.
For instance:
http://blah:blah@www.yahoo.com/
1) would turn into for the url box
http://blah@www.yahoo.com
or
http://blah:****@www.yahoo.com
2) and would turn into for the dropdown box
http://blah@www.yahoo.com
I believe doing the first option would be the best for #1. It would keep
consistency.
As for in the history, it leaves the password intact too. 6/25 build.
<offtopic>
Btw: I can't get either FTP or http authentication to work using this method. In
fact, FTP doesn't work at all. Are these known issues?</offtopic>
|
||
Comment 7•24 years ago
|
||
reassign url bar bugs to new owner..
Assignee: alecf → blakeross
QA Contact: benc → claudius
I haven't worked through all the RFCs, but the first convention is illegal anyhow.
|
||
Comment 9•24 years ago
|
||
Joe was dying to have these bugs. Who am I to say no?
Assignee: blakeross → hewitt
|
||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P4
Target Milestone: --- → Future
|
||
Comment 10•24 years ago
|
||
Should not be set to Future IMO. It's a critical security issue.
|
||
Comment 11•23 years ago
|
||
This is not enhancement, this is really security bug. Brian, could you set any
other target?
Severity: enhancement → normal
Keywords: privacy
|
|
||
Comment 12•23 years ago
|
||
*** Bug 138463 has been marked as a duplicate of this bug. ***
|
|
Reporter | |
Comment 13•23 years ago
|
||
Adding the mozilla1.0 keyword and changing the milestone to 1.0 to see if this
gets any support from drivers.
Keywords: helpwanted,
mozilla1.0
Target Milestone: Future → mozilla1.0
|
|
||
Comment 14•23 years ago
|
||
Brian: You can't change Target Milestone, it's Joe Hewitt's target. Setting back
-> Future.
(Joe: If I'm wrong, correct me)
Target Milestone: mozilla1.0 → Future
|
||
Comment 15•23 years ago
|
||
*** Bug 157354 has been marked as a duplicate of this bug. ***
|
||
Comment 16•23 years ago
|
||
I think that it should not save the passwords in history or in the url bar.
It is insecure for them to be saved like that.
|
|
||
Comment 17•23 years ago
|
||
Sorry for the spam...
Changing CC to my new email addy..
|
||
Comment 18•22 years ago
|
||
If I'm not wrong, the patch for bug 130327 fixes this bug as well.
QA Contact: claudius → benc
Summary: Block user:password combinations prefacing domain in url drop down → URL bar menu (autocomplete) should hide URL passwords
|
||
Comment 19•21 years ago
|
||
*** Bug 250337 has been marked as a duplicate of this bug. ***
|
||
Comment 20•21 years ago
|
||
I read and read and read but didn't find any solution for my problem which I
posted in bug number 279296.
Can someone please tell me how to teach Firefox 1.0 NOT to remove the username
and password from the URL?
|
||
Comment 21•20 years ago
|
||
*** Bug 288731 has been marked as a duplicate of this bug. ***
|
||
Comment 22•20 years ago
|
||
*** Bug 288449 has been marked as a duplicate of this bug. ***
|
||
Comment 23•20 years ago
|
||
I don't like this behaviour at all. Seems like a big security risk to me.
Requesting blocking 1.1.
Flags: blocking-aviary1.1?
|
||
Updated•20 years ago
|
Flags: blocking-aviary1.1? → blocking-aviary1.1-
|
Assignee | |
Updated•17 years ago
|
Product: Core → SeaMonkey
|
||
Updated•17 years ago
|
Assignee: hewitt → nobody
Status: ASSIGNED → NEW
Priority: P4 → --
QA Contact: benc → location-bar
Target Milestone: Future → ---
|
|
||
Comment 25•14 years ago
|
||
Forward dupping to Bug 146289 since there is a patch there.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
|
||
Updated•1 year ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•