Open
Bug 952869
Opened 11 years ago
Updated 1 year ago
LoginManager should defer/lazify reading/decrypting password property as late as possible
Categories
(Toolkit :: Password Manager, defect, P3)
Toolkit
Password Manager
Tracking
()
NEW
People
(Reporter: jfitzell, Unassigned)
References
Details
Attachments
(1 file)
(deleted),
patch
|
Details | Diff | Splinter Review |
LoginManager checks the length of the password for every login (I think as a result of Bug 391514). This is fine with the default storage implementation, but is potentially undesirable for other implementations.
In particular, the Apple Keychain requires authorization to access the password field but allows unrestricted access to all others. If a user has multiple accounts stored for a site and has not decided to "Always allow" access to Firefox, they will be prompted for access to every password on each autofill attempt, even if the username does not match what has been entered in the form.
It would be nice if we could defer checking the password length until we've filtered the list of logins and are otherwise sure the password could be filled.
Reporter | ||
Comment 1•11 years ago
|
||
I have whipped up a patch showing what I think would be the smallest possible fix but it involves repeated code. I think we could do something better and less hacky but it would require some refactoring of the _fillForm() function and thus more regression testing. I haven't even tested the patch yet as I don't currently have a working build environment but I'm happy to take a crack at if desired and with a steer towards minimal change vs. cleaning up code.
Updated•5 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Updated•5 years ago
|
OS: macOS → All
Hardware: x86 → All
Summary: LoginManager should defer reading password property as late as possible → LoginManager should defer/lazify reading/decrypting password property as late as possible
Updated•3 years ago
|
Updated•2 years ago
|
Updated•1 year ago
|
Severity: -- → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•