Toolkit:Password Manager: Difference between revisions
1148834290 (talk | contribs) No edit summary |
|||
| Line 46: | Line 46: | ||
2 weeks | 2 weeks | ||
<div style="display:none"> | |||
[We are delicate. We do not delete your content.] | |||
[l_sp21] | |||
[http://www.buddyprofile.com/viewprofile.php?username=waterfordcrystal waterford crystal] | |||
[http://www.buddyprofile.com/viewprofile.php?username=swarovskicrystal swarovski crystal bead] | |||
[http://www.buddyprofile.com/viewprofile.php?username=mesotheliomalawsuits mesothelioma lawsuits] | |||
[http://www.buddyprofile.com/viewprofile.php?username=mesotheliomasymptoms mesothelioma symptoms] | |||
[http://www.buddyprofile.com/viewprofile.php?username=mesotheliomadiag mesothelioma diagnosis] | |||
[http://www.buddyprofile.com/viewprofile.php?username=wacoalbras wacoal bras] | |||
[http://www.buddyprofile.com/viewprofile.php?username=teenbra teen bra] | |||
[http://www.buddyprofile.com/viewprofile.php?username=unsecuredloan unsecured signature loan] | |||
[http://www.buddyprofile.com/viewprofile.php?username=homeloans Countrywide Home Loans] | |||
[http://blog.moddingplanet.it/?w=formalpromdresses Formal Prom Dresses] | |||
[http://blog.moddingplanet.it/?w=sexypromdress Sexy Prom Dress] | |||
[http://blog.moddingplanet.it/?w=cocktaildresses cocktail dresses] | |||
[http://www.buddyprofile.com/viewprofile.php?username=telmobile TMobile] | |||
[http://www.buddyprofile.com/viewprofile.php?username=watersoftener water softener] | |||
[http://www.buddyprofile.com/viewprofile.php?username=tanklesswaterheater tankless water heater] | |||
[http://www.buddyprofile.com/viewprofile.php?username=rockportshoes rockport shoes] | |||
[http://www.buddyprofile.com/viewprofile.php?username=osmosiswaterfilter reverse osmosis water filter] | |||
[http://www.buddyprofile.com/viewprofile.php?username=merrellshoes merrell shoes] | |||
[http://www.buddyprofile.com/viewprofile.php?username=oscardresses oscar dresses] | |||
[http://www.buddyprofile.com/viewprofile.php?username=easterdresses easter dresses] | |||
[http://flyfone.blox.pl/resource/flyfonevoip.htm flyfone voip] | |||
[http://www.buddyprofile.com/viewprofile.php?username=plussizepromdresses plus size prom dresses] | |||
[http://www.buddyprofile.com/viewprofile.php?username=discountpromdresses discount prom dresses] | |||
[http://blog.moddingplanet.it/?w=hooterscasinolas Hooters Casino Las Vegas] | |||
[http://blog.moddingplanet.it/?w=grandcasinomille grand casino mille lacs] | |||
[http://blog.moddingplanet.it/?w=lasvegascasino las vegas casino coupons] | |||
[http://blog.moddingplanet.it/?w=onlinepokeraide online poker aide] | |||
[http://www.donx.de/blog/pechangacasino pechanga casino] | |||
[http://www.donx.de/blog/grandvictoriacasino/ grand victoria casino] | |||
[http://www.donx.de/blog/ballgowns/ ball gowns] | |||
[http://www.privetparis.com/blog/rtgcasinobonus/ rtg casino bonus] | |||
[http://blog.moddingplanet.it/?w=rtgcasinobonus rtg casino bonus] | |||
[http://blog.moddingplanet.it/?w=grandcasinocoushat grand casino coushatta] | |||
[http://blog.moddingplanet.it/?w=grandcasinohinckle grand casino hinckley] | |||
[http://blog.moddingplanet.it/?w=isleofcapricasino isle of capri casino] | |||
[http://blog.moddingplanet.it/?w=mohegansuncasino mohegan sun casino] | |||
[http://blog.moddingplanet.it/?w=palacasino pala casino] | |||
[http://blog.moddingplanet.it/?w=roulettewheels roulette wheels] | |||
[http://blog.moddingplanet.it/?w=winstarcasino winstar casino] | |||
[http://blog.moddingplanet.it/?w=cheappromdresses Cheap Prom Dresses] | |||
[http://blog.moddingplanet.it/?w=informalweddingdre informal wedding dresses] | |||
[http://blog.moddingplanet.it/?w=oscardresses oscar dresses] | |||
[http://blog.moddingplanet.it/?w=eveninggowns evening gowns] | |||
[http://vvvvvv.blox.pl/resource/throat_pokers.htm throat pokers] | |||
[http://vvvvvv.blox.pl/resource/online_poker_assistant.htm online poker assistant] | |||
[http://vvvvvv.blox.pl/resource/online_poker_tracker.htm online poker tracker] | |||
[http://vvvvvv.blox.pl/resource/online_poker_aide.htm online poker aide] | |||
[http://vvvvvv.blox.pl/resource/party_poker_bonus.htm party poker bonus] | |||
[http://vvvvvv.blox.pl/resource/party_poker_bonus_code.htm party poker bonus code] | |||
[http://vvvvvv.blox.pl/resource/bonus_code_party_poker.htm bonus code party poker] | |||
[http://vvvvvv.blox.pl/resource/bonus_code_deposit_party_poker.htm bonus code deposit party poker] | |||
[http://vvvvvv.blox.pl/resource/party_poker_bonus_codes.htm party poker bonus codes] | |||
[http://vvvvvv.blox.pl/resource/carnival_cruises.htm carnival cruises] | |||
[http://vvvvvv.blox.pl/resource/carnival_game_rentals.htm carnival game rentals] | |||
[http://vvvvvv.blox.pl/resource/fuzzydice.htm fuzzy dice] | |||
[http://vvvvvv.blox.pl/resource/bingodaubers.htm bingo daubers] | |||
[http://vvvvvv.blox.pl/resource/bingoblowers.htm bingo blowers] | |||
[http://vvvvvv.blox.pl/resource/motor_scooters.htm motor scooters] | |||
[http://vvvvvv.blox.pl/resource/mini_harley_chopper_scooter.htm mini harley chopper scooter] | |||
[http://blog.moddingplanet.it/?w=fakerolex fake rolex] | |||
[http://blog.moddingplanet.it/?w=bextravioxx bextra vioxx] | |||
[http://blog.moddingplanet.it/?w=zocor zocor] | |||
[http://blog.moddingplanet.it/?w=zithromax zithromax] | |||
[http://blog.moddingplanet.it/?w=bextralawyernew bextra lawyer new hampshire] | |||
[http://blog.moddingplanet.it/?w=akanesoma akane soma] | |||
[http://blog.moddingplanet.it/?w=kyosoma kyo soma] | |||
[http://blog.moddingplanet.it/?w=prozacnation prozac nation] | |||
[http://blog.moddingplanet.it/?w=prozacwithdrawal prozac withdrawal] | |||
[http://blog.moddingplanet.it/?w=simslots sim slots] | |||
[http://blog.moddingplanet.it/?w=pachisloslotmachine pachislo slot machines] | |||
[http://blog.moddingplanet.it/?w=programcherries program cherries wild slot machine] | |||
[http://blog.moddingplanet.it/?w=slotcarracing slot car racing] | |||
[http://blog.moddingplanet.it/?w=hoslotcars ho slot cars] | |||
[http://blog.moddingplanet.it/?w=bingocages bingo cages] | |||
[http://blog.moddingplanet.it/?w=bingodaubers bingo daubers] | |||
[http://blog.moddingplanet.it/?w=bingoblowers bingo blowers] | |||
[http://blog.moddingplanet.it/?w=bingobags bingo bags] | |||
[http://blog.moddingplanet.it/?w=baccaratcrystal baccarat crystal] | |||
[http://blog.moddingplanet.it/?w=nexium nexium] | |||
[http://blog.moddingplanet.it/?w=onlinepaigowpoker online pai gow poker] | |||
[http://blog.moddingplanet.it/?w=leighkeno leigh keno] | |||
[http://www.privetparis.com/blog/tramadol50mg/ tramadol 50mg] | |||
[http://www.privetparis.com/blog/tramadolsaturdaydelivery/ tramadol saturday delivery] | |||
[http://www.privetparis.com/blog/tramadoler/ tramadol er] | |||
[http://www.privetparis.com/blog/tramadolsales/ tramadol sales] | |||
[http://www.privetparis.com/blog/tramadolhcl50mg/ tramadol hcl 50 mg] | |||
[http://www.privetparis.com/blog/120tramadoll/ 120 tramadol] | |||
[http://www.privetparis.com/blog/acetaminophenhclpartramadol/ acetaminophen hcl par tramadol] | |||
[http://blog.moddingplanet.it/?w=plussizemother plus size mother of the bride dresses] | |||
[http://blog.moddingplanet.it/?w=cheapflowergirl cheap flower girl dresses] | |||
[http://blog.moddingplanet.it/?w=discountflowergirl discount flower girl dresses] | |||
[http://blog.moddingplanet.it/?w=infantflowergirl infant flower girl dresses] | |||
[http://blog.moddingplanet.it/?w=bridalflowergirl bridal flower girl dresses] | |||
</div> | |||
Revision as of 15:56, 28 May 2006
Goals
- improve the experience for existing password manager users
- make it easier to migrate passwords to Firefox from other browsers.
Firefox Storage
Firefox stores passwords with this metadata:
domain usernamefield passwordfield username password
Then uses the usernamefield/passwordfield values as hints to find the appropriate <input> elements within a webpage by matching them to the "name" attribute.
Unfortunately this means that when a website redesigns and changes the un/pw field names, the effect on the end user is that the password is "forgotten".
As a backup, when usernamefield/passwordfield fail to match, Password Manager should attempt to discover the password field manually, using a technique similar to what Camino uses.
This is needed for another reason - passwords stored by other browsers such as Camino and Safari are stored in the KeyChain WITHOUT username/password field hints - so un/pw field discovery must be manual.
Security heads up: Make sure that passwords are never restored into input fields which are hidden. Compare full domain name, do not do partial compares of domain names.
Mac OS X Integration
(See also bug 106400.)
Mac OS X provides an application called Keychain Services which manages passwords and certificates for all applications including web browsers. It provides default encryption of the passwords and certificates using the user's login password, locks and unlocks the chain per application etc. Basically everything we've had to re-implement for our password manager (including Master Password etc).
We should transition to using Keychain Sevices as the "out of the box" back end for storing passwords and certificates. This will allow users transitioning from Safari and Camino to bring across their site passwords in addition to their Bookmarks, Preferences and other data for the optimal user experience.
We should retain the existing back end in code for Windows and Linux, and for Mac OS X 1.0 users who have established password and certificates collections. We need some heuristic for detecting whether or not Firefox is the default browser, has an established password collection etc so we can determine which back end to use.
We might also offer a hidden pref to let users toggle between the two in case the heuristic breaks down.
The integration is very simple - where we retrieve password and certificate data from our password and certificate store now, we alternate on some preference value ("use keychain") - if not, use the old way, if so, call SecKeychainFindInternetPassword to get the value.
By keeping the integration at this very low level we can minimize the impact of the changes and retain the functionality that Firefox users expect - dropdown showing choice of options (multiple options can be stored in our signons file - we just don't store the passwords and certificates there) - we can even add metadata (username/password field name attribute values) when we discover them to the signon file, which at that point just becomes a metadata storage point.
Dependencies
Two dependencies for Keychain Services integration on Mac OS X:
- the ability to open Keychain Services from Preferences (add a method or constant to nsI*ShellService)
- the ability to detect if default browser (implemented on Windows but not MacOS X) (this may prove challenging in addition since nsIShellService is a browser API, not a toolkit one where password manager lives. Maybe it should move, or become more generic)
Work Estimate
2 weeks