canmove, Confirmed users
285
edits
Security/Features/HighlightCleartextPasswords: Difference between revisions
Jump to navigation
Jump to search
Security/Features/HighlightCleartextPasswords (view source)
Revision as of 23:38, 9 May 2012
, 9 May 2012no edit summary
No edit summary |
No edit summary |
||
| Line 24: | Line 24: | ||
* How do we redirect users to the secure version of the page | * How do we redirect users to the secure version of the page | ||
** Site identity button (Larry)? https://wiki.mozilla.org/Privacy/Features/Improve_site_identity_button | ** Site identity button (Larry)? https://wiki.mozilla.org/Privacy/Features/Improve_site_identity_button | ||
** | ** Display info bar onfocus of pwd field | ||
** Clicking the icon in the placeholder | |||
** Link in the tooltips hint | |||
** Link in the constraint validation hint | |||
* How do we detect the fqdn of the https version of an http page? | |||
** Try just adding an s and check the status code in the response | |||
** Leverage data in password manager | |||
** Query http://foo.com/login.txt or https://foo.com/login.txt (similar concept to robots.txt). Websites create a login.txt that tells browser where to get the ssl version of a specific page. | |||
* Integration with Password Manager. If a page has a highlighted password field, should passwords not automatically be populated by Password Manager? If we did this, and a user wanted the password autofilled anyway, how would they do that? What would the UX look like? | * Integration with Password Manager. If a page has a highlighted password field, should passwords not automatically be populated by Password Manager? If we did this, and a user wanted the password autofilled anyway, how would they do that? What would the UX look like? | ||
| Line 67: | Line 76: | ||
|Feature ux design=Multiple options here. See Open Issues - "What do we mean by Highlight." | |Feature ux design=Multiple options here. See Open Issues - "What do we mean by Highlight." | ||
|Feature implementation plan=https://bugzilla.mozilla.org/show_bug.cgi?id=748193 | |Feature implementation plan=https://bugzilla.mozilla.org/show_bug.cgi?id=748193 | ||
Phase 0: User Research. First on the password field itself, then later on how to redirect to the secure version of the site. | |||
Phase 1: Use cases 1-3 - General case. | |||
Phase 2: Use case 4 & 5 - Deal with mixed content. | |||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||
| Line 76: | Line 91: | ||
{{FeatureTeamStatus}} | {{FeatureTeamStatus}} | ||
== Additional Notes == | == Additional Notes == | ||
https page with http form post: | |||
* chromes behavior: does nothing. | * chromes behavior: does nothing. | ||
* safari: warning text | * safari: warning text | ||