** Fill-and-submit button is a different color
** On mouseover of the fill-and-submit button, the user can read a tooltip that warns them that their password can be seen in the clear.
** [https://bugzilla.mozilla.org/show_bug.cgi?id=1118558 Bug 1118558] Flag in the Password Manager User Interface that shows all saved logins.
** See also [https://wiki.mozilla.org/Security/Features/HighlightCleartextPasswords Highlight Cleartext Passwords].
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1118540 Bug 1118540] Secure Filling 1.0 - Passwords that are saved by the password manager should not be available to JavaScript on the page. The actual password values should only be sent on submit. This protects the password from attacks via XSS, third-party JavaScript, etc. Implementation details: when a password is filled in on a form, fill hash(uri, username, salt) instead of the actual password. On submit, look up the actual password value for that URL and send that instead. Username is included for cases where there are multiple usernames.
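
A sketch of the fill-then-swap flow described for Bug 1118540, added here as an illustration and not taken from Firefox or the bug. The class and function names are hypothetical, SHA-256 is an assumed choice of hash, and "uri" is treated as the site origin string.

```javascript
// Added illustration; all names below are hypothetical, not Firefox internals.
// The lookup below works under both CommonJS and ES modules.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

// hash(uri, username, salt); each field is length-prefixed so that
// ("ab", "c") and ("a", "bc") cannot produce the same digest.
function placeholderFor(uri, username, salt) {
  const h = nodeCrypto.createHash("sha256");
  for (const field of [uri, username, salt]) {
    const bytes = Buffer.from(field, "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length);
    h.update(len).update(bytes);
  }
  return h.digest("hex");
}

class SecureFillStore {
  constructor() { this.logins = new Map(); }
  static key(uri, username) { return JSON.stringify([uri, username]); }

  save(uri, username, password,
       salt = nodeCrypto.randomBytes(16).toString("hex")) {
    this.logins.set(SecureFillStore.key(uri, username), { salt, password });
  }

  // Value written into the password field: all that page script can read.
  fill(uri, username) {
    const entry = this.logins.get(SecureFillStore.key(uri, username));
    return entry ? placeholderFor(uri, username, entry.salt) : null;
  }

  // Value sent on submit. The swap happens only when the field still holds
  // the placeholder issued for this uri and username; anything else (a
  // password the user typed, a placeholder from another site) passes through.
  valueToSubmit(uri, username, fieldValue) {
    const entry = this.logins.get(SecureFillStore.key(uri, username));
    if (!entry) return fieldValue;
    const expected = placeholderFor(uri, username, entry.salt);
    return fieldValue === expected ? entry.password : fieldValue;
  }
}

// Constructed sample data.
const store = new SecureFillStore();
store.save("https://example.com", "alice", "correct horse");
const filled = store.fill("https://example.com", "alice");
console.log(filled !== "correct horse",
  store.valueToSubmit("https://example.com", "alice", filled));
```

Because the salt is stored per login, a placeholder read by script on one site cannot be replayed to obtain the password for another uri or username.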