canmove, Confirmed users
285
edits
Security/Features/HighlightCleartextPasswords: Difference between revisions
Security/Features/HighlightCleartextPasswords (view source)
Revision as of 00:35, 27 July 2012
, 27 July 2012no edit summary
No edit summary |
No edit summary |
||
| Line 54: | Line 54: | ||
# A user is asked to login on an http page. The login form submits to an https destination. An attacker can mitm the first request to the login page and replace the form with one that submits the password to the attackers webpage instead. | # A user is asked to login on an http page. The login form submits to an https destination. An attacker can mitm the first request to the login page and replace the form with one that submits the password to the attackers webpage instead. | ||
#* '''Highlight that the password field is insecure. Provide an option to visit the https version of the page if possible.''' | #* '''Highlight that the password field is insecure. Provide an option to visit the https version of the page if possible.''' | ||
# A user is asked to login on an https page. The login form submits to an https destination. But the page | # A user is asked to login on an https page. The login form submits to an https destination. But the page includes active Mixed Script Content (scripts/css/etc). | ||
#* '''Highlight that the password field is insecure. Provide the user an option to reload the page with mixed content blocked.''' | #* '''Highlight that the password field is insecure. Provide the user an option to reload the page with mixed content blocked.''' | ||
# A user is asked to login on an https page. The login form submits to an https destination. But the page | # A user is asked to login on an https page. The login form submits to an https destination. But the page includes Mixed Display Content (ex: images). | ||
#* '''Do nothing''' | #* '''Do nothing''' | ||
# A user is asked to login to an https page. The login form submit calls a javascript function. Hence, the form post may or may not be over https depending on the javascript. | # A user is asked to login to an https page. The login form submit calls a javascript function. Hence, the form post may or may not be over https depending on the javascript. | ||
| Line 67: | Line 67: | ||
* The browser CANNOT redirect the user automatically. The user may have never intended to login on that page, and we could end up DoS'ing sites that are not ready for the SSL load. (All firefox non-logged in users would visit the SSL page even if they don't have an account and don't want to login.) | * The browser CANNOT redirect the user automatically. The user may have never intended to login on that page, and we could end up DoS'ing sites that are not ready for the SSL load. (All firefox non-logged in users would visit the SSL page even if they don't have an account and don't want to login.) | ||
The website SHOULD NOT be able to overwrite the | The website SHOULD NOT be able to overwrite or replace the warning icon content. | ||
|Feature non-goals=This item is only for type=password. Other sensitive data is captured in this feature page: | |Feature non-goals=This item is only for type=password. Other sensitive data is captured in this feature page: | ||
https://wiki.mozilla.org/Security/Features/Identify_which_bits_are_unencrypted | https://wiki.mozilla.org/Security/Features/Identify_which_bits_are_unencrypted | ||
| Line 74: | Line 74: | ||
|Feature functional spec=Phase 1: Use cases 1-3 - General case. | |Feature functional spec=Phase 1: Use cases 1-3 - General case. | ||
Phase 2: Use case 4 | Phase 2: Use case 4 - Mixed Script Content. Blocked on bug 62178. | ||
|Feature ux design=Multiple options here. See Open Issues. | |Feature ux design=Multiple options here. See Open Issues. | ||
|Feature implementation plan=https://bugzilla.mozilla.org/show_bug.cgi?id=748193 | |Feature implementation plan=https://bugzilla.mozilla.org/show_bug.cgi?id=748193 | ||
| Line 82: | Line 82: | ||
Phase 1: Use cases 1-3 - General case. | Phase 1: Use cases 1-3 - General case. | ||
Phase 2: Use case 4 | Phase 2: Use case 4 - Mixed Script Content. | ||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||
| Line 107: | Line 107: | ||
Other Ideas: | Other Ideas: | ||
* In cases where you have logged in over https before, when click on a username field, show a bubble that says "Or login securely" with a link. | * In cases where you have logged in over https before, when you click on a username field, show a bubble that says "Or login securely" with a link. | ||
* Icon on right side of the password field that says "take me to the secure version". Ex: clicking unlock icon takes you the ssl version (if one exists). Otherwise, its not clickable. | * Icon on right side of the password field that says "take me to the secure version". Ex: clicking unlock icon takes you the ssl version (if one exists). Otherwise, its not clickable. | ||
** Issue with this is that a user might accidentally click the icon and then wonder why they are being redirected. | ** Issue with this is that a user might accidentally click the icon and then wonder why they are being redirected. | ||
* | * Complete the first phase only for pages where you can login securely. So that there is something the user can do about it. | ||
* User has to hit the enter key twice to submit their password. If they click login button then it just submits (no double click needed). This might be good if the icon only shows up on focus (and hence the user might miss it). | * User has to hit the enter key twice to submit their password. If they click login button then it just submits (no double click needed). This might be good if the icon only shows up on focus (and hence the user might miss it). | ||