Closed
Bug 88771
Opened 24 years ago
Closed 13 years ago
URL bar menu (autocomplete) should hide URL passwords
Categories
(SeaMonkey :: Location Bar, defect)
SeaMonkey
Location Bar
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 146289
People
(Reporter: netdragon, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: helpwanted, privacy)
Basically if you do this: http://name:password@www.yahoo.com or ftp://name:password@ftp.rpi.edu it would be nice to put * - stars in place of the password in the url dropdown. It would be especially good for universities where many people share the same computer.
Comment 1•24 years ago
|
||
I would like to see the password removed immediately from all entered URLs (although that would require the password to be saved somewhere else).
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•24 years ago
|
||
I think this should be a preference because I personally like the way it works now.
Comment 3•24 years ago
|
||
What is our current behavior WRT passwords in URLs? Should we be stripping them out immediately after the initial load and not saving them in history, etc? Or should we just star them out as Brian suggests?
Assignee: mstoltz → neeti
Component: Security: General → Networking
QA Contact: ckritzer → benc
Reporter | ||
Comment 4•24 years ago
|
||
I wouldn't like it if the user:password was removed from the url line when placed in it. Currently, the user:password is left on the line. It would also be confusing WRT to the dropdown box if it was stripped. You wouldn't know if it was already set to login. Although, it might be bad security to even put it in the dropdown box. Maybe the password should be totally left out when placed in the dropdown box. For instance: http://blah:blah@www.yahoo.com/ 1) would turn into for the url box http://blah@www.yahoo.com or http://blah:****@www.yahoo.com 2) and would turn into for the dropdown box http://blah@www.yahoo.com I believe doing the first option would be the best for #1. It would keep consistency. As for in the history, it leaves the password intact too. 6/25 build. <offtopic> Btw: I can't get either FTP or http authentication to work using this method. In fact, FTP doesn't work at all. Are these known issues?</offtopic>
Comment 7•23 years ago
|
||
reassign url bar bugs to new owner..
Assignee: alecf → blakeross
QA Contact: benc → claudius
I haven't worked through all the RFCs, but the first convention is illegal anyhow.
Comment 9•23 years ago
|
||
Joe was dying to have these bugs. Who am I to say no?
Assignee: blakeross → hewitt
Updated•23 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P4
Target Milestone: --- → Future
Comment 11•23 years ago
|
||
This is not enhancement, this is really security bug. Brian, could you set any other target?
Severity: enhancement → normal
Keywords: privacy
Reporter | ||
Comment 13•23 years ago
|
||
Adding the mozilla1.0 keyword and changing the milestone to 1.0 to see if this gets any support from drivers.
Keywords: helpwanted,
mozilla1.0
Target Milestone: Future → mozilla1.0
Comment 14•23 years ago
|
||
Brian: You can't change Target Milestone, it's Joe Hewitt's target. Setting back -> Future. (Joe: If I'm wrong, correct me)
Target Milestone: mozilla1.0 → Future
Comment 16•22 years ago
|
||
I think that it should not save the passwords in history or in the url bar. It is insecure for them to be saved like that.
QA Contact: claudius → benc
Summary: Block user:password combinations prefacing domain in url drop down → URL bar menu (autocomplete) should hide URL passwords
Comment 20•20 years ago
|
||
I read and read and read but didn't find any solution for my problem which I posted in bug number 279296. Can someone please tell me how to teach Firefox 1.0 NOT to remove the username and password from the URL?
Comment 23•20 years ago
|
||
I don't like this behaviour at all. Seems like a big security risk to me. Requesting blocking 1.1.
Flags: blocking-aviary1.1?
Updated•19 years ago
|
Flags: blocking-aviary1.1? → blocking-aviary1.1-
Assignee | ||
Updated•16 years ago
|
Product: Core → SeaMonkey
Updated•16 years ago
|
Assignee: hewitt → nobody
Status: ASSIGNED → NEW
Priority: P4 → --
QA Contact: benc → location-bar
Target Milestone: Future → ---
Comment 25•13 years ago
|
||
Forward dupping to Bug 146289 since there is a patch there.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•