Security/Features/Identify which bits are unencrypted: Difference between revisions

No edit summary
Line 6:
 {{FeatureTeam
 |Feature product manager=Sid Stamm
+|Feature lead engineer=Tanvi Vyas
 }}
 {{FeaturePageBody
-|Feature overview=Highlight passwords and other sensitive data that is not transmitted over ssl.  For the first stage, we will focus on type=password
+|Feature overview=Help users understand which bits are unencrypted (e.g., identify form fields that will be transmitted in the clear)
-|Feature users and use cases=* A user is asked to login on an http page. The login form submits to an http destination.  Users password is sent in cleartext.
-* A user is asked to login on an https page.  The login form submits to an http destination.  Users password is sent in cleartext.
-* A user is asked to login on an http page.  The login form submits to an https destination.  An attacker can mitm the first request to the login page and replace the form with one that submits the password to the attackers webpage instead.
-|Feature requirements=When type=password, outline the password box in red.  Also add a note to the user that occurs onfocus so they know why the form is outlined in red (perhaps utilizing Constraint Validation)
+|Feature dependencies=https://wiki.mozilla.org/Security/HighlightCleartextPasswords
+|Feature requirements=* Identify and highlight additional password fields (in addition to type=password: https://wiki.mozilla.org/Security/HighlightCleartextPasswords)
+* Identify all insecure form fields
+* Identify unencrypted-for-delivery DOM elements on the page
 }}
 {{FeatureInfo
-|Feature priority=P2
+|Feature priority=Unprioritized
 |Feature theme=Secure Network Connections
 |Feature roadmap=Security
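Review bot: the new revision removes the "Feature users and use cases" field outright, so the three scenarios in the removed lines (http page submitting to http, https page submitting to http, and http page submitting to https, where someone on the path can rewrite the form before the user ever sees it) are no longer stated anywhere, and the new requirement "Identify all insecure form fields" is left without a definition of insecure. Suggest carrying the use cases over into the new revision and stating that "insecure" covers both a non-https form action and a form that itself arrived over http, since that third scenario is what "Identify unencrypted-for-delivery DOM elements on the page" is pointing at. The removed requirement also specified the user-facing behaviour (red outline on the type=password box, an onfocus note, possibly via Constraint Validation); the new "Identify and highlight" bullets drop that, so either restate it here or say explicitly that it is inherited from the HighlightCleartextPasswords dependency.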