[Ext] Opera Wand for Firefox - SecureLogin
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
- Eygte450
- Posts: 179
- Joined: July 20th, 2006, 12:52 pm
Good extension, but it lacks a few features I miss from Opera's Wand:
- Maybe you can make a Preference window with hotkeys for filling the datas, like CTRL+Enter, CTRL+ALT+Enter, SHIFT+Enter and so on...
- In the same Preference window, a checkbox like "Show icon in Status Bar"
- I would love your extension if it didn't make use of the native password manager. I don't save mine because anyone can click "Tools - Options - Security - Show Passwords..." and see (2 perfils is out of question); and I hate how the way Master Password is implemented.
- Maybe you can make a Preference window with hotkeys for filling the datas, like CTRL+Enter, CTRL+ALT+Enter, SHIFT+Enter and so on...
- In the same Preference window, a checkbox like "Show icon in Status Bar"
- I would love your extension if it didn't make use of the native password manager. I don't save mine because anyone can click "Tools - Options - Security - Show Passwords..." and see (2 perfils is out of question); and I hate how the way Master Password is implemented.
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
The preferences window is definitely on my TODO-list.
For now, you can hide or rearrange the statusbar icon using the Organize Status Bar Extension.
Well, about using the built-in password manager, I think I will stick with it.
But I too have some proposals how it could be improved. For example saving more than the domain name to recognize password fields.
As matters security, my opinion is that as long as you don't trust someone you shouldn't let him/her on your PC. If you have to share it, securing your passwords with the built-in Master Password could be enough if you like it.
I have my /home partition encrypted (using Linux, see https://blueimp.net/linux/howto/encryption.txt) and lock the screen when I'm not on my PC while it is running. And this can already be called paranoid.
Well, if someone has access to your PC, even that wouldn't be enough. If he can change your System, he could manipulate system functions to read your unencrypted data while you're using it, perhaps even sending it over the net.
The only way to be perfectly sure would mean encrypting your whole system and making sure the hardware has not been manipulated. But I'm not paranoid enough for that effort.
For now, you can hide or rearrange the statusbar icon using the Organize Status Bar Extension.
Well, about using the built-in password manager, I think I will stick with it.
But I too have some proposals how it could be improved. For example saving more than the domain name to recognize password fields.
As matters security, my opinion is that as long as you don't trust someone you shouldn't let him/her on your PC. If you have to share it, securing your passwords with the built-in Master Password could be enough if you like it.
I have my /home partition encrypted (using Linux, see https://blueimp.net/linux/howto/encryption.txt) and lock the screen when I'm not on my PC while it is running. And this can already be called paranoid.
Well, if someone has access to your PC, even that wouldn't be enough. If he can change your System, he could manipulate system functions to read your unencrypted data while you're using it, perhaps even sending it over the net.
The only way to be perfectly sure would mean encrypting your whole system and making sure the hardware has not been manipulated. But I'm not paranoid enough for that effort.
-
- Posts: 3
- Joined: February 5th, 2007, 4:55 pm
This extension is simply awesome ! Thanks.
Just one issue to mention, when it comes to sites which have
a field (in this case a drop down) close to the "user-name" textfield.
Example : http://img466.imageshack.us/my.php?image=exampleyy8.png
Sorry about the example of a russian mail-provider in cyrillic (don't speak it myself)
but it should illustrate what I'd like to explain.
Though the 'right' entries have been saved in the password manager and
it works using it w/o securelogin, the extension marks the drop-down box
and tries to fill it instead of the textfield right to the left of it.
Thanks again
rasputin67
Just one issue to mention, when it comes to sites which have
a field (in this case a drop down) close to the "user-name" textfield.
Example : http://img466.imageshack.us/my.php?image=exampleyy8.png
Sorry about the example of a russian mail-provider in cyrillic (don't speak it myself)
but it should illustrate what I'd like to explain.
Though the 'right' entries have been saved in the password manager and
it works using it w/o securelogin, the extension marks the drop-down box
and tries to fill it instead of the textfield right to the left of it.
Thanks again
rasputin67
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
Version 0.2 has been released.
Bugfixes:
- Form elements not of type="text" between user and password field are now ignored in searching the login fields.
New features:
- Settings menu
- Context menu on status bar icon to open the settings
- Option to hide the status bar icon
- Option to deactivate JavaScript event handlers on login *
* This can prevent XSS (Cross Site Scripting) attacks to steal your login data without having to deactivate JavaScript completely.
https://blueimp.net/mozilla/
Bugfixes:
- Form elements not of type="text" between user and password field are now ignored in searching the login fields.
New features:
- Settings menu
- Context menu on status bar icon to open the settings
- Option to hide the status bar icon
- Option to deactivate JavaScript event handlers on login *
* This can prevent XSS (Cross Site Scripting) attacks to steal your login data without having to deactivate JavaScript completely.
https://blueimp.net/mozilla/
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
I thought about implementing a keyboard shortcut setting and halfway implemented it but didn't finish for these reasons:
- ALT+N isn't used yet according to http://kb.mozillazine.org/Keyboard_shor ... s_(Firefox)
- ALT+N can be performed with one hand
- most people don't bother about changing the hotkey
- There exists a keyboard shortcut extension, which can configure SecureLogin's shortcut as well => http://www.extensionsmirror.nl/index.php?showtopic=254
- The SecureLogin keyboard shorcut can be configured manually by changing the language files
- ALT+N isn't used yet according to http://kb.mozillazine.org/Keyboard_shor ... s_(Firefox)
- ALT+N can be performed with one hand
- most people don't bother about changing the hotkey
- There exists a keyboard shortcut extension, which can configure SecureLogin's shortcut as well => http://www.extensionsmirror.nl/index.php?showtopic=254
- The SecureLogin keyboard shorcut can be configured manually by changing the language files
- Uncle Spellbinder
- Posts: 3519
- Joined: May 28th, 2004, 4:52 pm
- Location: Highland, IN - U.S.A.
- Contact:
Excellent extension! Been away for a bit, only found this today and have installed Version 0.2.
BRAVO!!
BRAVO!!
My Firefox Add-Ons Collection: Firefox Essentials
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
Version 0.3 has been released.
Bugfixes:
- The updateStatus method had been called twice onStateChange - fixed
New features:
- Statusbar icon indicates if JavaScript event handlers are present for logins
- Tooltip (statusbar and toolbar) indicates if JavaScript event handlers are present for logins
- A sound can be played if JavaScript event handlers are present for logins
- Another sound can be played if logins have been found (but no event handlers)
Notice:
Sound files are not included. The settings dialog allows to choose them from the local filesystem.
The audio files must be Wave-Audio (*.wav) and should be very short.
Important:
JavaScript event handler search is only active if valid logins found.
Only the event handlers associated with the login action are analyzed.
https://blueimp.net/mozilla/
Bugfixes:
- The updateStatus method had been called twice onStateChange - fixed
New features:
- Statusbar icon indicates if JavaScript event handlers are present for logins
- Tooltip (statusbar and toolbar) indicates if JavaScript event handlers are present for logins
- A sound can be played if JavaScript event handlers are present for logins
- Another sound can be played if logins have been found (but no event handlers)
Notice:
Sound files are not included. The settings dialog allows to choose them from the local filesystem.
The audio files must be Wave-Audio (*.wav) and should be very short.
Important:
JavaScript event handler search is only active if valid logins found.
Only the event handlers associated with the login action are analyzed.
https://blueimp.net/mozilla/
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
I changed my webhoster.
It could be that not all DNS Server entries have been updated yet.
So long, you can still use my new IP as URL:
http://80.83.114.72/mozilla/
It could be that not all DNS Server entries have been updated yet.
So long, you can still use my new IP as URL:
http://80.83.114.72/mozilla/
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
Version 0.3.1 released:
Bugfix:
Keyboard shortcut was set to all ALT+key combinations by accident. It is now only ALT+N.
New Feature:
Shows the keyboard shortcut (ALT+N) in tooltip.
https://blueimp.net/mozilla/
Bugfix:
Keyboard shortcut was set to all ALT+key combinations by accident. It is now only ALT+N.
New Feature:
Shows the keyboard shortcut (ALT+N) in tooltip.
https://blueimp.net/mozilla/
-
- Posts: 219
- Joined: November 6th, 2004, 1:40 am
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
As long as you use the SecureLogin extension, the prefilling of login forms is deactivated. This is a feature, not a bug.
Did you read the description on https://blueimp.net/mozilla/ before install?
It is the whole purpose of SecureLogin NOT to fill passwords by default, as this is a security risk.
If you still want the autofill of passwords, deactivate or deinstall SecureLogin. This will reactivate the autofill if this was your previous setting.
But apart from being more secure, the login is more comfortable with my Extension as well (my opinion):
Did you read the description on https://blueimp.net/mozilla/ before install?
It is the whole purpose of SecureLogin NOT to fill passwords by default, as this is a security risk.
If you still want the autofill of passwords, deactivate or deinstall SecureLogin. This will reactivate the autofill if this was your previous setting.
But apart from being more secure, the login is more comfortable with my Extension as well (my opinion):
It uses the built-in password manager, but deactivates the prefilling of login forms *.
Instead, you are now able to login with one click or a keyboard shortcut (ALT+N).
Just add the Secure Login toolbar button to your toolbar, or use the provided statusbar icon.
If you saved more than one user login for a webpage or several login forms are provided on one page, a selection prompt is displayed.
-
- Posts: 524
- Joined: January 31st, 2007, 12:23 pm
- Contact:
Thanks to Malte Kraus who pointed out that the JavaScript code protection could be circumvented using the addEventListener methods.
As long as Firefox doesn't implement DOM Level 3 there is no EventListenerList attribute to enumerate the registered listeners for a given object.
Therefore JavaScript code protection has been rewritten and a new version has been released, including a minor bugfix:
Version 0.4
Bugfix:
- Login forms using input type="image" do work now.
New features:
- Rewritten JavaScript code protection.
Note:
The JavaScript code protection might not work with every login. There might be character encoding issues, as the data is sent manually using internal Firefox methods. This needs more testing but isn't that high on the priority list as the SecureLogin extension works as it is. The extra protection is good to have but will most likely not work with pages using JavaScript to submit the form data as well.
I thought about enabling Frames support for SecureLogin, but gave the idea up. This would mean to parse every single frame for forms, user+pass fields and according saved login data as Firefox doesn't save this information.
Most login pages don't need frames and those without can be considered more secure, too.
As long as Firefox doesn't implement DOM Level 3 there is no EventListenerList attribute to enumerate the registered listeners for a given object.
Therefore JavaScript code protection has been rewritten and a new version has been released, including a minor bugfix:
Version 0.4
Bugfix:
- Login forms using input type="image" do work now.
New features:
- Rewritten JavaScript code protection.
Note:
The JavaScript code protection might not work with every login. There might be character encoding issues, as the data is sent manually using internal Firefox methods. This needs more testing but isn't that high on the priority list as the SecureLogin extension works as it is. The extra protection is good to have but will most likely not work with pages using JavaScript to submit the form data as well.
I thought about enabling Frames support for SecureLogin, but gave the idea up. This would mean to parse every single frame for forms, user+pass fields and according saved login data as Firefox doesn't save this information.
Most login pages don't need frames and those without can be considered more secure, too.