User:Dolske/Password Manager Security Review: Difference between revisions

User:Dolske/Password Manager Security Review (view source)

Revision as of 05:29, 30 July 2007

2,937 bytes added , 30 July 2007

mid-edit checkpoint...

Dolske

canmove, Confirmed users

432

edits

@@ Line 1: / Line 1: @@
 = Status =
 ;Feature tracking bug
-* {{bug|xxxxx}}
+* {{bug|371000}} - Password Manager update metabug
-* ''any other high-level tracking bugs can be listed here''
+* {{bug|374723}} - Password Manager should be a JavaScript-based component
 '' Has a design review been completed?''
 '' When do you anticipate the feature landing''
+Password Manager was an existing feature. The most significant update (the JS rewrite) landed for Alpha 5. Other modifications have been landing since then.
+Remaining work: notification bar, UI cleanup.
 ''Any relevant status comments for the feature can be placed here.''
@@ Line 34: / Line 38: @@
 == Exported APIs ==
 * Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
+[http://mxr.mozilla.org/seamonkey/source/toolkit/components/passwordmgr/public/nsILoginInfo.idl nsILoginInfo.idl]
+[http://mxr.mozilla.org/seamonkey/source/toolkit/components/passwordmgr/public/nsILoginManager.idl nsILoginManager.idl]
+[http://mxr.mozilla.org/seamonkey/source/toolkit/components/passwordmgr/public/nsILoginManagerStorage.idl nsILoginManangerStorage.idl]
+In user's profile:
+signons2.txt
+key3.db (dependancy)
+Current UI:
+In preferences, under "Security" tab, a "Passwords" section...
+* "Remember password for sites" checkbox
+* "Use a master password" checkbox
+* "Change master password" button [PSM]
+* "Show Passwords" button
+** Popup window with a list of stored logins
+* "Exceptions" button
+** Popup window with a list of sites for which logins should not be saved
+Prompts for HTTP/FTP authentication, changing passwords.
+Notification bar to allow saving a login (for a HTTP/FTP authentication, or submission of a form-based login).
 * Does it interoperate with a web service? How will it do so?
+No. A simple "store-my-passwords.com" could, by implementing a nsILoginManagerStorage module. More complex authentication schemes (eg OpenID, CardSpace) would require deeper changes to Mozilla.
 * Explain the significant file formats, names, syntax, and semantics.
+signons2.txt:
+key3.db:
 * Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
+Yes. (IDL, devmo, straightforward)
 * Does it change any existing interfaces?
+Yes. It completely replaces all of the existing Password Mananger interfaces. They were poorly designed and not well documented.
 == Web Compatibility ==
 * Does the feature had any impact on Web compatibility?
+Yes. There is no standard for programatically locating logins in a document's form, so there is a certain degree of fuzzy logic involved in doing this. Password fields are easy to find, but the Password Manager must try to determine is a username field is present (and where it is), and how to handle multiple password fields. As there is no standard, login forms can come in many different flavors.
+The previous password manager usually handled the most common cases, but was not very robust. The new code is more robust and handles more cases, and has a test suite to exercise many variations. There is some risk that the change in algorithms could break a small number of sites, but overall more sites should work.
 == Performance ==
 * How will the project contribute (positively or negatively) to "perceived performance"?
+There should not be any effect on performance-sensitive areas.
 * What are the performance goals of the project? How were they evaluated? What is the test or reference platform and baseline results?
 * Will it require large files/databases (for example, browsing history)?
@@ Line 47: / Line 95: @@
 * What failure modes or decision points are presented to the user?
 * Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
+The only file it writes to, signons2.txt, is edited using a nsISafeOutputStream. The original file is only updated (atomically) upon success.
 == l10n and a11y ==
 * are any strings being changed or added?
+There may be some string changes as the UI is polished, but the major work to date has been accomplished with the existing strings.
 * are all UI elements available through accessibility technologies?
+Yes. (notification bar??)
 == Installation, Upgrade/Downgrade/Sidegrade, and platform requirements ==
 * Does it equally support all Tier-1 platforms?
+Yes.
 * Does is have a hardware requirement (or increase minimum requirements)?
+No.
 * Does it require changes to the installer?
+No.
 * Does it impact updates?
+No.
 *list the expected behavior of this feature/function when Firefox is upgraded to a newer minor release, downgraded by installation of an earlier revision, or re-installed (same version)
@@ Line 61: / Line 128: @@
 * Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
 * Are there build options for developers? [#ifdefs, ac_add_options, etc.]
+The signons.debug pref is available for logging extra debug information to the console, to help with runtime diagnosis of problems.
 * What ranges for the tunable are appropriate? How are they determined?
+No tunables, all prefs are boolean on/off.
 * What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
+None.
 == Relationships to other projects - are there related projects in the community? ==
 * If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
@@ Line 69: / Line 145: @@
 == Documentation ==
 * Do built-in Help pages need modified?
+TBD?
 * Documentation for developer.mozilla.org?
+Complete.
+(insert URLs here)
 == Other ==