Help wanted to test new password manager backend
-
- Posts: 4
- Joined: November 5th, 2002, 12:24 am
Help wanted to test new password manager backend
Hi all,
I'm looking to get some more widespread testing of a new Password Manager backend I've been working on for Firebird. I've made experimental builds available with the new backend:
http://ftp.mozilla.org/pub/firebird/nig ... erimental/
Before you download these builds, please note: there is a definite potential for your saved passwords to be lost when using this build. You should back up your stored passwords before running the experimental build. The stored password file has a random name, but you can identify it by the ".s" extension (it is located in your profile directory).
One important functional change is that the encrypting vs. obscuring preference has been removed. Passwords are now always stored encrypted. If you have a master password set, you will be prompted for it the first time a password needs to be stored or prefilled.
I'd really like to hear about any issues anyone finds with the new implementation. In particular, I'd like to make sure that everyone's pre-existing saved passwords are read in correctly, and that there aren't any sites where the prefill works incorrectly.
Please DO NOT report bugs on the new password manager in Bugzilla (that would create confusion at this point). Instead, post them as replies to this thread.
Thanks!
I'm looking to get some more widespread testing of a new Password Manager backend I've been working on for Firebird. I've made experimental builds available with the new backend:
http://ftp.mozilla.org/pub/firebird/nig ... erimental/
Before you download these builds, please note: there is a definite potential for your saved passwords to be lost when using this build. You should back up your stored passwords before running the experimental build. The stored password file has a random name, but you can identify it by the ".s" extension (it is located in your profile directory).
One important functional change is that the encrypting vs. obscuring preference has been removed. Passwords are now always stored encrypted. If you have a master password set, you will be prompted for it the first time a password needs to be stored or prefilled.
I'd really like to hear about any issues anyone finds with the new implementation. In particular, I'd like to make sure that everyone's pre-existing saved passwords are read in correctly, and that there aren't any sites where the prefill works incorrectly.
Please DO NOT report bugs on the new password manager in Bugzilla (that would create confusion at this point). Instead, post them as replies to this thread.
Thanks!
- DamianMoran
- Posts: 726
- Joined: January 30th, 2003, 10:14 pm
Dl'ing, but one quick Q, it is possible to set Master Password without using old prefs panel?
EDIT: Using now, are there any steps you would like tested?
EDIT: Using now, are there any steps you would like tested?
Last edited by DamianMoran on August 1st, 2003, 5:51 pm, edited 1 time in total.
- DamianMoran
- Posts: 726
- Joined: January 30th, 2003, 10:14 pm
- DamianMoran
- Posts: 726
- Joined: January 30th, 2003, 10:14 pm
- alanjstr
- Moderator
- Posts: 9100
- Joined: November 5th, 2002, 4:43 pm
- Location: Anywhere but here
- Contact:
DamianMoran wrote:Weird. Went to login to mail.yahoo.com (not stored or cookied) and it didn't even ask me to save password.
Yahoo never gets stored for me in the first place. They prob have it disabled somehow.
Former UMO Admin, Former MozillaZine General Mod
I am rarely on mozillaZine, so please do not send me a private message.
My Old Firefox config files
I am rarely on mozillaZine, so please do not send me a private message.
My Old Firefox config files
- Steffen
- Posts: 524
- Joined: May 10th, 2003, 3:17 pm
- Location: Munich
FB remembered all my saved passwords. It let me choose a master pw the first time I saved a new pw. Clearing saved passwords works. I restarted FB and readded my passwords.
After every single start of FB, the first time the pw manager is used, for example browsing to a site where you need to login and have your pw saved, it asks for the master pw.
One Problem: On https://www.polypol.com/ I can login and logout. After logout, 22 asterisks are displayed in the password field in the login form. This is odd because my pw for that site is only 6 characters long. Only my id has got 22 characters! I cannot login with this false pw. This false pw is stored!! If I correct the pw at the second login, the correct pw is saved and 6 asterisks are displayed from that on before and after logout.
After every single start of FB, the first time the pw manager is used, for example browsing to a site where you need to login and have your pw saved, it asks for the master pw.
One Problem: On https://www.polypol.com/ I can login and logout. After logout, 22 asterisks are displayed in the password field in the login form. This is odd because my pw for that site is only 6 characters long. Only my id has got 22 characters! I cannot login with this false pw. This false pw is stored!! If I correct the pw at the second login, the correct pw is saved and 6 asterisks are displayed from that on before and after logout.
- DamianMoran
- Posts: 726
- Joined: January 30th, 2003, 10:14 pm
- Steffen
- Posts: 524
- Joined: May 10th, 2003, 3:17 pm
- Location: Munich
Damian, just test everything you can think of related to passwords!
Another problem: My dictionary bookmarklet (found on the bottom left of the linked page) doesn't work anymore.
Usually I highlight a word and click on it and it opens the translation in a new page. If I didn't highlight something, a messagebox pops up and let me enter a word.
But now it first asks for the master password! Then the messagebox pops up even if I've got something highlighted. Then, it is prefilled with one of my IDs. There is also a checkbox "Use Password Manager to remember this value". And the worst: clicking OK leads to nothing. The messagebox closes but the translation page does not open.
Another problem: My dictionary bookmarklet (found on the bottom left of the linked page) doesn't work anymore.
Usually I highlight a word and click on it and it opens the translation in a new page. If I didn't highlight something, a messagebox pops up and let me enter a word.
But now it first asks for the master password! Then the messagebox pops up even if I've got something highlighted. Then, it is prefilled with one of my IDs. There is also a checkbox "Use Password Manager to remember this value". And the worst: clicking OK leads to nothing. The messagebox closes but the translation page does not open.
- Goldzilla
- Posts: 2579
- Joined: November 22nd, 2002, 6:52 pm
DamianMoran wrote:Weird. Went to login to mail.yahoo.com (not stored or cookied) and it didn't even ask me to save password.
There's a sample webpage on the net somewhere that shows you how to autologin into Yahoo Email but you have to store your username and password into a webpage in cleartext. Though this should be okay on a secure machine with an expendable account. Instructions are in the proxomitron yahoo group.
The Yahoo email stuff is just a form and you only have to post some information to it.
- shadytrees
- Moderator
- Posts: 11743
- Joined: November 30th, 2002, 6:41 am
- tseelee
- Posts: 628
- Joined: May 3rd, 2003, 10:34 pm
- Location: Ridgewood, NY
- Contact:
- Steffen
- Posts: 524
- Joined: May 10th, 2003, 3:17 pm
- Location: Munich
hao2lian wrote:BTW, any other important new features we should know about (translation: give us the scoop, man)?
Bookmarklets aren't Mozilla-specific. They're just bookmarks containing javascript code. Another, more simple one is this:
Code: Select all
javascript:window.open('http://validator.w3.org/check?uri='+location);void%200
Create a bookmark in your bookmarks toolbar, right-click, select Properties and paste this code into the location line. When you click on it, it validates the current page in a new tab/window. Very handy.
But what's new about the password manager is the new master password. You've got to enter it the first time. It has a password strength indication. Make it not too short and include numbers and special characters to get it strong.
The master password question is asked a second time if you click cancel. Don't know if this is intended.
It's case sensitive and doesn't like if you enter more characters than your master pw is long. Just what you expect.