Closed
Bug 1432
Opened 26 years ago
Closed 26 years ago
The User/Password privacy feature is confusing in NGLayout
Categories
(SeaMonkey :: Passwords & Permissions, defect, P1)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: angus, Assigned: morse)
References
()
Details
When you enter a form with a user/pass (for example, chat.yahoo.com), the query
as to whether you want "The browser to remember you username and password..."
appears in the stdout, not a dialog box. Meanwhile, the UI is frozen along with
(almost) everything else.
Most users won't know to look in the stdout.
Can we disable this until we can show this query in dialog boxes?
Reporter | ||
Updated•26 years ago
|
Severity: normal → major
Priority: P2 → P1
Summary: The User/Password privacy feature is confusing in NGLayout → ss:The User/Password privacy feature is confusing in NGLayout
Reporter | ||
Comment 1•26 years ago
|
||
This also occurs when logging into Netcenter. While the system is waiting for
the user to type something into stdout, the UI for viewer is totally locked
(doesn't repaint) and the user can't do anything. Most people will think the
browser crashed. This is unnacceptable - we need to disable the user/pass
caching stuff until it can use a dialog box or some other realistic UI.
Upping priority, severity; setting "ss" in summary. Gagan - this only started
happening this week.
Looks like this might be related to Steve Morse's recent work. To Steve for
comments...
Assignee | ||
Comment 3•26 years ago
|
||
Yes, this is from single signon. The problem is that the infastructure for
displaying a dialog box (FE_Confirm) is not yet in place. So I added a
temporary FE_Confirm which displays the message in stdout. Furthermnore, it
sounds a bell to alert the user to this message.
So rather than suppressing SingleSingon, I'd rather assign this bug to whomever
it is that is implenting the raptor equivalent of FE_Select. Can someone tell
me who that it?
If it is deemed desirable, we could disable this by removing the -DSingleSignon
from config.mak. But in my opinion that would be a bad thing to do for all of
the following reasons:
1. We want to get as much use out of single signon as possible so we can shake
out the bugs.
2. The people who are currently using the browser are not novice users but, on
the contrary, are developers and as such they can easily live with dialog boxes
coming up in stdout for the time being.
3. Disabling the feature would take the pressure off the appropriate people to
implement the raptor-based FE_Select (or its equivalent). This is a critical
dependency and we should put pressure on getting that in place ASAP.
As much as I agree with morse, I am getting inclined towards suggesting that we
should leave SingleSignon for Dec. release. Today is supposed to be a code
freeze for the same and we don't know who is responsible for FE_Select. So I
would recommend that SingleSignon's switch be flipped for now (build it only
when its defined as an environment variable)
Once the dec/dev release rolls out we can get this back on a higher priority.
Steve could you kindly do this?
Assignee | ||
Comment 5•26 years ago
|
||
The problem is not just single signon. As pointed out in e-mail messages, this
problem already existed for any site that requires authorization. Such
authorization dialog comes up in the stdout window and this occurred before I
ever added single signon. All I did was use the same temporary UI for the
single singon dialog that the authorization code was already using. So unless
we are going to remove this from all pages requesting authorization, I don't see
a compelling reason for removing it just for single singon.
I agree with Angus's comment that we can handle this by desribing it in
the release notes.
Please leave this on ss: so QA can Verify that this is out temporarily on next
build.
morse - per bug mtg today, please pull this festure for now. Thanks!
Reporter | ||
Comment 7•26 years ago
|
||
I would probably agree with morse if it weren't for the performance problems
we're experiencing (see bug 1507). Let's turn this off for now please.
The issue of getting the FE stuff implemented is not low on anyone's radar -
it's a top priority not only for this sort of thing, but for simple stuff like
JavaScript alerts. Finally, while I think you're right about how the usability
problem is there even without Single Sign on code for things like user_auth, the
problem is that the signle sign on code introduces this problem for a far
greater number of scenarios, such as any HTML form with a password field. Please
let's turn this off just for a few days.
Assignee | ||
Comment 8•26 years ago
|
||
There are several points in Angus's comments above that I need to reply to.
1. Angus mentioned the problem re bug 1507. That bug report talks about a
memory leak. I have looked into that bug and have not been able to reproduce
such a leak.
2. The code executed in bug 1507 has little to do with single signon -- it
involves the authentication dialog which already existed prior to single signon
being introduced. So whatever performance problem exists (and I agree there is
a performance problem there), removing single signon will not change that -- the
performance will be the same.
3. It's incorrect to say that single signon introduces the problem to a far
greater number of scenarious than does the authentication dialog. Yes, single
signon occurs on every page with a password form. But authentication occurs on
every page that requires authentication. Furthermore, when the single-signon
dialog occurs for the first time, the user is asked if he wants to have the
feature enabled and if he says no he never gets a single-signon dialog again,
either in the current session or in any subsequent ones. The authentication
dialog, on the other hand, occurs over and over again every time the user
accesses a page that needs authentication.
Reporter | ||
Comment 9•26 years ago
|
||
Two quick comments --
"It's incorrect to say that single signon introduces the problem to a far
greater number of scenarious than does the authentication dialog. Yes, single
signon occurs on every page with a password form. But authentication occurs on
every page that requires authentication." -- Actually, the former is far greater
than the latter, so the user *does* run into this problem on a far greater
number of sites (logging into netcenter, for instance)
Secondly, while I want to believe the claim that the performance degredation
(bug 1507) is not the single sign on code, the fact remains that I use the
viewer to access those sorts of sites and I never experienced the performance
slow down until the single sign on code was checked in.
If you feel passionately about this, leave it it. But I am fundamentally
convinced that it's the wrong thing for the product at this stage, and that
we'll confuse a lot of users.
Assignee | ||
Comment 10•26 years ago
|
||
Angus,
You missed the point of my comment about single signon being encountered less
frequently than authentication. There is an initial single-signon message will
happen exactly once and never again for the life of the browser. No further
single-signon messages occur unless the user responds to that message by saying
that he wants to enable single signon. The authentication message will keep
occuring every time the user goes to a site that requires authentication.
I agree with you that the one time that this message occurs will confuse lots of
users. But the many times the authentication message occur will confuse them
much more.
I will immediately look into the degredation issue some more (bug 1507) to
determine that either it is not single-signon related or, if it is, then to fix
it.
Reporter | ||
Comment 11•26 years ago
|
||
You're right - I'm wrong -- I missed that point. Let's release note it assuming
1507 is not SSI related. If 1507 isn't SSI, let's reassign it back to gagan.
Sorry for my confusion.
Summary: ss:The User/Password privacy feature is confusing in NGLayout → ss:rn-The User/Password privacy feature is confusing in NGLayout
Comment 12•26 years ago
|
||
Putting on ss:rn radar.
Assignee | ||
Updated•26 years ago
|
Summary: ss:rn-The User/Password privacy feature is confusing in NGLayout → ss:The User/Password privacy feature is confusing in NGLayout
Assignee | ||
Comment 13•26 years ago
|
||
I have thouroughly tested 1507 and do not see any poor performance. Nor do I
see the memory leak reported there. I don't know why Angus is seeing a
degredation and perhaps I'll take a look at his system when I'm down at Netscape
this Wednesday. See my additional comments in bug report 1507
OK, I know what the cause of the degradation is in bug 1507. It's not
single-signon related but it does have to do with some other changes I made at
the same time that I added single signon. See bug report 1507 for details.
Assignee | ||
Comment 14•26 years ago
|
||
oops -- ignore last paragraph in comment above. That was temporary wording that
I meant to delete before submitting but apparently I forgot to do so. The first
paragraph is the comment I meant to make.
Comment 15•26 years ago
|
||
I do not understand why this is still being discussed. My reading of the bug is
that it was decided at yesterday's bug meeting that this should be turned off
(see Leger comment above). Despite the more recent Angus/Morse comments, it
seems that this decision still applies.
Steve, could you turn the feature off for now (as per Gagan and Leger's
comments), or discuss at today's bug meeting?
Summary: ss:The User/Password privacy feature is confusing in NGLayout → rn: - The User/Password privacy feature is confusing in NGLayout
Comment 16•26 years ago
|
||
Per leger/rickg discussion, I will Release Note this behavior.
Comment 17•26 years ago
|
||
ok, my confusion. Thanks for updating the bug, Leger.
Summary: rn: - The User/Password privacy feature is confusing in NGLayout → The User/Password privacy feature is confusing in NGLayout
Comment 18•26 years ago
|
||
Decided not to Release Note this. Pulling off rn: status.
Reporter | ||
Comment 19•26 years ago
|
||
Why did we decide not to release note this? This should be in the release notes.
Assignee | ||
Comment 20•26 years ago
|
||
Contradictory to Jan's comment above, this was indeed released-noted. To wit:
Dialogs like JavaScript alert, confirm, and prompts, as well as other
dialogs such as user authentication, cookie warnings, form submission
warnings, DNS lookup failed, etc. are not currently enabled in NGT.
In place of many of these dialogs, text is printed to the console
window instead.
Comment 21•26 years ago
|
||
Yep. I did put it in and forgot to update bug. My apologies.
Assignee | ||
Updated•26 years ago
|
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → INVALID
Assignee | ||
Comment 22•26 years ago
|
||
This is not a bug. It reflects the state of the browser in the sense that the
infastructure for displaying dialogs has not yet been implemented. That's
different than saying that the UI for single-signon (user/password) is
confusing. So I am closing this report as being invalid.
Comment 23•26 years ago
|
||
Verifying as Invalid
Comment 24•26 years ago
|
||
Changing all Networking Library/Browser bugs to Networking-Core component for
Browser.
Occasionally, Bugzilla will burp and cause Verified bugs to reopen when I do
this in a bulk change. If this happens, I will fix. ;-)
Comment 25•25 years ago
|
||
Bulk move of all Networking-Core (to be deleted component) bugs to new
Networking component.
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•