canmove, Confirmed users
285
edits
Security/Features/HighlightCleartextPasswords: Difference between revisions
Security/Features/HighlightCleartextPasswords (view source)
Revision as of 00:27, 28 April 2012
, 28 April 2012no edit summary
No edit summary |
No edit summary |
||
| Line 9: | Line 9: | ||
}} | }} | ||
{{FeaturePageBody | {{FeaturePageBody | ||
|Feature open issues and risks=* What do we mean by "Highlight"? | |Feature open issues and risks=<b>* This whole feature page is based off the idea that we can detect when type=password and warn users about a potential mitm. However, the mitm can simply change type=password to type=text to circumvent the warning. Hence, we need to rework this feature. Use case 1 is still a valuable use case to protect though, since we protect against eavesdroppers and cookies being transmitted from network to network in cleartext.</b> | ||
* What do we mean by "Highlight"? | |||
** icon in the placeholder for all type=password (ex: lock and unlock) | ** icon in the placeholder for all type=password (ex: lock and unlock) | ||
** text in placeholder ("insecure", "sent unencrypted" "susceptible to eavesdropping", "page is unencrypted"etc.) Potentially different text depending on what the issues is on the page. | ** text in placeholder ("insecure", "sent unencrypted" "susceptible to eavesdropping", "page is unencrypted"etc.) Potentially different text depending on what the issues is on the page. | ||
| Line 49: | Line 51: | ||
Phase 2: Use case 4 & 5 - Deal with mixed content. | Phase 2: Use case 4 & 5 - Deal with mixed content. | ||
|Feature ux design=Multiple options here. See Open Issues - "What do we mean by Highlight." | |Feature ux design=Multiple options here. See Open Issues - "What do we mean by Highlight." | ||
|Feature implementation plan=https://bugzilla.mozilla.org/show_bug.cgi?id=748193 | |Feature implementation plan=https://bugzilla.mozilla.org/show_bug.cgi?id=748193 | ||