[Ext] Opera Wand for Firefox - SecureLogin

Announce and Discuss the Latest Theme and Extension Releases.
Post Reply
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

Version 0.1.4 released:
http://blueimp.net/mozilla/

New Feature:
If you hover over one of the Secure Login icons, the target webpage is shown in a tooltip, as well as the number of available logins.
User avatar
Eygte450
Posts: 179
Joined: July 20th, 2006, 12:52 pm

Post by Eygte450 »

Good extension, but it lacks a few features I miss from Opera's Wand:

- Maybe you can make a Preference window with hotkeys for filling the datas, like CTRL+Enter, CTRL+ALT+Enter, SHIFT+Enter and so on...

- In the same Preference window, a checkbox like "Show icon in Status Bar"

- I would love your extension if it didn't make use of the native password manager. I don't save mine because anyone can click "Tools - Options - Security - Show Passwords..." and see (2 perfils is out of question); and I hate how the way Master Password is implemented.
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

The preferences window is definitely on my TODO-list.

For now, you can hide or rearrange the statusbar icon using the Organize Status Bar Extension.

Well, about using the built-in password manager, I think I will stick with it.
But I too have some proposals how it could be improved. For example saving more than the domain name to recognize password fields.

As matters security, my opinion is that as long as you don't trust someone you shouldn't let him/her on your PC. If you have to share it, securing your passwords with the built-in Master Password could be enough if you like it.

I have my /home partition encrypted (using Linux, see https://blueimp.net/linux/howto/encryption.txt) and lock the screen when I'm not on my PC while it is running. And this can already be called paranoid. ;)

Well, if someone has access to your PC, even that wouldn't be enough. If he can change your System, he could manipulate system functions to read your unencrypted data while you're using it, perhaps even sending it over the net.

The only way to be perfectly sure would mean encrypting your whole system and making sure the hardware has not been manipulated. But I'm not paranoid enough for that effort. :D
rasputin67
Posts: 3
Joined: February 5th, 2007, 4:55 pm

Post by rasputin67 »

This extension is simply awesome ! Thanks.

Just one issue to mention, when it comes to sites which have
a field (in this case a drop down) close to the "user-name" textfield.

Example : http://img466.imageshack.us/my.php?image=exampleyy8.png

Sorry about the example of a russian mail-provider in cyrillic (don't speak it myself)
but it should illustrate what I'd like to explain.
Though the 'right' entries have been saved in the password manager and
it works using it w/o securelogin, the extension marks the drop-down box
and tries to fill it instead of the textfield right to the left of it.

Thanks again

rasputin67
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

I'm currently working on the preferences.
The bug with form elements between user and password field is already fixed.
I will upload a new version including the fix soon, might be in the next couple of hours.
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

Version 0.2 has been released.

Bugfixes:
- Form elements not of type="text" between user and password field are now ignored in searching the login fields.

New features:
- Settings menu
- Context menu on status bar icon to open the settings
- Option to hide the status bar icon
- Option to deactivate JavaScript event handlers on login *

* This can prevent XSS (Cross Site Scripting) attacks to steal your login data without having to deactivate JavaScript completely.

https://blueimp.net/mozilla/
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

I thought about implementing a keyboard shortcut setting and halfway implemented it but didn't finish for these reasons:
- ALT+N isn't used yet according to http://kb.mozillazine.org/Keyboard_shor ... s_(Firefox)
- ALT+N can be performed with one hand
- most people don't bother about changing the hotkey
- There exists a keyboard shortcut extension, which can configure SecureLogin's shortcut as well => http://www.extensionsmirror.nl/index.php?showtopic=254
- The SecureLogin keyboard shorcut can be configured manually by changing the language files
User avatar
Uncle Spellbinder
Posts: 3519
Joined: May 28th, 2004, 4:52 pm
Location: Highland, IN - U.S.A.
Contact:

Post by Uncle Spellbinder »

Excellent extension! Been away for a bit, only found this today and have installed Version 0.2.

BRAVO!!
Image
My Firefox Add-Ons Collection: Firefox Essentials
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

Version 0.3 has been released.

Bugfixes:
- The updateStatus method had been called twice onStateChange - fixed

New features:
- Statusbar icon indicates if JavaScript event handlers are present for logins
- Tooltip (statusbar and toolbar) indicates if JavaScript event handlers are present for logins
- A sound can be played if JavaScript event handlers are present for logins
- Another sound can be played if logins have been found (but no event handlers)

Notice:
Sound files are not included. The settings dialog allows to choose them from the local filesystem.
The audio files must be Wave-Audio (*.wav) and should be very short.

Important:
JavaScript event handler search is only active if valid logins found.
Only the event handlers associated with the login action are analyzed.

https://blueimp.net/mozilla/
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

I changed my webhoster.
It could be that not all DNS Server entries have been updated yet.

So long, you can still use my new IP as URL:

http://80.83.114.72/mozilla/
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

Version 0.3.1 released:

Bugfix:
Keyboard shortcut was set to all ALT+key combinations by accident. It is now only ALT+N.

New Feature:
Shows the keyboard shortcut (ALT+N) in tooltip.

https://blueimp.net/mozilla/
-ck-
Posts: 219
Joined: November 6th, 2004, 1:40 am

Post by -ck- »

I am experiencing a loss of password autofill after upgrading to 1.5.0.10 rc1 from 1.5.0.9

signon.prefill is still set to true

downgrading back to 1.5.0.9 does not help :(

passwords are still in the list, just not autofilling

thanks for any ideas on what to try to fix this!
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

As long as you use the SecureLogin extension, the prefilling of login forms is deactivated. This is a feature, not a bug. ;)
Did you read the description on https://blueimp.net/mozilla/ before install?

It is the whole purpose of SecureLogin NOT to fill passwords by default, as this is a security risk.

If you still want the autofill of passwords, deactivate or deinstall SecureLogin. This will reactivate the autofill if this was your previous setting.

But apart from being more secure, the login is more comfortable with my Extension as well (my opinion):
It uses the built-in password manager, but deactivates the prefilling of login forms *.

Instead, you are now able to login with one click or a keyboard shortcut (ALT+N).

Just add the Secure Login toolbar button to your toolbar, or use the provided statusbar icon.

If you saved more than one user login for a webpage or several login forms are provided on one page, a selection prompt is displayed.
madblueimp
Posts: 524
Joined: January 31st, 2007, 12:23 pm
Contact:

Post by madblueimp »

Thanks to Malte Kraus who pointed out that the JavaScript code protection could be circumvented using the addEventListener methods.

As long as Firefox doesn't implement DOM Level 3 there is no EventListenerList attribute to enumerate the registered listeners for a given object.

Therefore JavaScript code protection has been rewritten and a new version has been released, including a minor bugfix:

Version 0.4

Bugfix:
- Login forms using input type="image" do work now.

New features:
- Rewritten JavaScript code protection.

Note:
The JavaScript code protection might not work with every login. There might be character encoding issues, as the data is sent manually using internal Firefox methods. This needs more testing but isn't that high on the priority list as the SecureLogin extension works as it is. The extra protection is good to have but will most likely not work with pages using JavaScript to submit the form data as well.

I thought about enabling Frames support for SecureLogin, but gave the idea up. This would mean to parse every single frame for forms, user+pass fields and according saved login data as Firefox doesn't save this information.
Most login pages don't need frames and those without can be considered more secure, too.
Post Reply