Closed
Bug 52616
Opened 24 years ago
Closed 23 years ago
Distinguish between basic authentication and proxy auth. dialogs
Categories
(Core :: Networking: HTTP, enhancement, P3)
Core
Networking: HTTP
Tracking
()
Future
People
(Reporter: Matt.Behrens, Assigned: darin.moz)
References
Details
(Keywords: arch)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; m18) Gecko/20000913
BuildID: 2000091317
Currently authentication dialogs for proxy servers and for authenticating to web
sites are identical. This might be a potential security risk, since a user may
enter his proxy server username/password in response to an auth request from a
web site.
Admittedly this may be a social problem rather than a real, live security issue
but I see it as valid. Communicator 4.7 (at least, probably more) properly
stated in its dialog that it wanted proxy credentials when it was given a proxy
authentication request. IE (or at least the version I have handy) currently
does *not* do this, though they should.
|
||
Updated•24 years ago
|
Adam I am hoping this is another bug similar to 50682...
Assignee: hangas → adamlock
Yes I think it is. I'm marking it a duplicate.
*** This bug has been marked as a duplicate of 50682 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
|
Reporter | |
Comment 3•24 years ago
|
||
No, this is not related to bug 50682. A much closer cousin is bug 38008.
Let me try to clarify:
In NC4, you get password dialogs when HTTP calls for it. If a password is
required for proxy access, the dialog looks like this:
[ Username and Password Required [X] ]
Proxy authentication required for www.example.com
at proxyhost:80:
User Name: [ ]
Password: [ ]
[ OK ] [ Cancel ]
|___________________________________________________|
However, if the password is required for Basic authentication on a site realm,
the dialog looks like this:
[ Username and Password Required [X] ]
Enter username for Basic Authentication Realm at
www.example.com:
User Name: [ ]
Password: [ ]
[ OK ] [ Cancel ]
|___________________________________________________|
By contrast, Mozilla (or did, I have not tried recent builds, too busy)
currently shows a dialog that does not allow the user to distinguish whether he
is issuing a username and password for a proxy server or for a site realm. This
could result in a user inadvertently issuing his proxy username and password to
a remote site, which could result in local server compromise.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
|
|
||
Updated•24 years ago
|
Assignee: adamlock → gagan
Status: REOPENED → NEW
Component: User Interface: Design Feedback → Networking
OS: Windows NT → All
QA Contact: mpt → tever
Hardware: PC → All
Summary: proxy server auth dialog should say what it is → Distinguish between basic authentication and proxy auth. dialogs
|
|
||
Comment 4•24 years ago
|
||
Ah, I see. Not Adam's bug then. -->Networking.
Ideally we want different titles (`Authentication required' vs. `Proxy
authentication required'), different labels for the server name (`Server:' vs.
`Proxy:'), and maybe even different icons too.
|
||
Comment 5•24 years ago
|
||
One additional factor is that you should really only need to log into a proxy
server once, not for each domain you are browsing to. Right now if you look at
another domain it seems to want to re-authenticate to the proxy.
Thats only becuz of another bug 32335 which should be landing in soon... to
darin and setting to future.
Assignee: gagan → darin
Target Milestone: --- → Future
|
Assignee | |
Updated•24 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 7•24 years ago
|
||
Ok, this bug cannot be fixed without an API change. See bugs 59609 and 46859
for a related discussion.
|
|
Assignee | |
Updated•24 years ago
|
Component: Networking → Networking: HTTP
Status: ASSIGNED → RESOLVED
Closed: 24 years ago → 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•