Ticket #413 (assigned defect)

Opened 12 months ago

Last modified 3 weeks ago

Firefox won't quit normally w/ Ubiquity enabled, nom noms memory

Reported by: claimid.com/dsample Owned by: fernandotakai.wordpress.com
Priority: blocker Milestone:
Component: builtin-commands Keywords: try-to-reproduce
Cc:

Description

Currently the CmdUtils.savePassword and CmdUtils.retrieveLogins functions use the formSubmitURL attribute of nsLoginInfo to store the details of the Command that wants to save a login. This is invisible within the Password Manager UI.

A change to use httprealm instead would be more visible to the end-user.

I have attached a patch.

Attachments

cmdutils.js.patch (494 bytes) - added by claimid.com/dsample 12 months ago.
Patch

Change History

Changed 12 months ago by claimid.com/dsample

Patch

Changed 12 months ago by fernandotakai.wordpress.com

  • owner changed from atul.toolness.com to fernandotakai.wordpress.com
  • status changed from new to assigned

If you take a look here at the section called "Creating a local extension login" you'll see that the tutorial does not use the httpRealm option of the loginInfo - it uses the formSubmitURL. In the case of savePassword, we are using it to save information like Jaiku's api key (or even the ping.fm key!) - it is a secret thing, although it is not an httpRealm thing.
In the case of retrieveLogin, if you pass the same name (in this case, the name of the verb) to both parameters (formSubmitURL and httprealm) it will retrieve the passwords whether you saved them as formSubmit or httprealm (I tested it on ff3.1b1).

If you wanna look at the verbs i'm using to test those functions, take a look at http://gist.github.com/25561

Changed 12 months ago by fernandotakai.wordpress.com

Talked too soon. In fact, passing both arguments DOES NOT retrieve the login. But, as I said before, we are not getting login information - we are just getting information saved by the other function, and, as u followed the mozilla tutorial, it showed me to use the url, not the httpRealm. If anyone has a good argument against it, we can change - of course! =D

I think we should have another function to retrieve passwords saved on the real browser like the twitter one..
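The lookup behaviour discussed in the comments above, as an added example that is not part of the ticket, the attached patch, or Firefox/Ubiquity source. It is a simplified plain-JavaScript model of login matching; the matching rules, the `example-verb` command name and the stored secrets are assumptions constructed for illustration.

```javascript
// Simplified model of login storage and lookup (assumed semantics, not Firefox code).
// A stored login carries EITHER a formSubmitURL (form login) OR an httpRealm
// (HTTP-auth style login); the other field is null.
const HOST = "chrome://ubiquity/content"; // fixed hostname quoted in the ticket

function makeLogin(hostname, formSubmitURL, httpRealm, username, password) {
  if ((formSubmitURL === null) === (httpRealm === null)) {
    throw new Error("exactly one of formSubmitURL / httpRealm must be set");
  }
  return { hostname, formSubmitURL, httpRealm, username, password };
}

// Query rules modelled here: null = only logins WITHOUT this field,
// "" = any login that has the field, anything else = exact match.
function fieldMatches(query, stored) {
  if (query === null) return stored === null;
  if (query === "") return stored !== null;
  return query === stored;
}

function findLogins(store, hostname, formSubmitURL, httpRealm) {
  return store.filter(l =>
    l.hostname === hostname &&
    fieldMatches(formSubmitURL, l.formSubmitURL) &&
    fieldMatches(httpRealm, l.httpRealm));
}

// What the user sees in the password list per the ticket: site and realm,
// never the formSubmitURL.
function passwordManagerRow(login) {
  return login.httpRealm === null
    ? login.hostname
    : `${login.hostname} (${login.httpRealm})`;
}

// Constructed sample data; names and secrets are placeholders.
const store = [
  makeLogin(HOST, "example-verb", null, "alice", "api-key-1"), // current behaviour
  makeLogin(HOST, null, "example-verb", "alice", "api-key-2"), // proposed in the ticket
];

function demo() {
  return {
    byForm: findLogins(store, HOST, "example-verb", null).length,
    byRealm: findLogins(store, HOST, null, "example-verb").length,
    both: findLogins(store, HOST, "example-verb", "example-verb").length,
    rows: store.map(passwordManagerRow),
  };
}
console.log(demo());
```

In this model the entry saved under formSubmitURL is indistinguishable in the list from any other Ubiquity entry, while the httpRealm entry names the command that owns the secret.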

Changed 12 months ago by claimid.com/dsample

Sorry Atul, I couldn't follow your complete argument, but how about we think about this in a different way...

What does the User see (after all, these kinds of things are meant for users)? They see the URL and the httprealm in Password manager, but they do not see the formSubmitURL. The reason I suggested using the httprealm was that then the user would have visibility, as the URL is fixed as 'chrome://ubiquity/content'.

What can and can't be changed to make it look better within Password Manager? Personally I would prefer to have something like 'ubiquity:' or 'addon:' as a prefix to the URL part of passwords saved by ubiquity commands or Firefox addons. That way it's visible to the user what exactly that login is for.

As for the comment about what we're saving... it doesn't matter whether it's the user's API key or password, they can both be saved in the password field, since you only need one or the other, never both.

Now, I'm assuming/hoping here that it doesn't actually matter (technically) what goes in each of the parameters, and that there isn't any security restriction that stops us naming the site as eg. 'ubiquity:magicious.delicious', but I could be completely wrong here.

The other alternative (although absurd)... maybe the whole Firefox Password Manager needs a rethink.

Changed 12 months ago by fernandotakai.wordpress.com

Looking at the Password Manager - especially at the passwords saved with savePassword - I really cannot see the http realm. Don't know if it's only with Firefox 3.1.
(here is a screenshot).

I'm only using the chrome url because the tutorial told me so (I'm not fluent in the Firefox API yet, but I thought it was a good reason). But I like the idea of prefixing the url with the verb name - don't know about the security of this, but anyways.

Changed 12 months ago by claimid.com/dsample

Just to log it from IRC... I pointed out that the screenshot did have an httprealm example on it, and also an 'invisible' formSubmitURL example for a ubiquity login.

The full transcript of the conversation is available at http://www.sample.org.uk/blog/files/2008-11-17_ubiquity_irc.txt and that conversation also inspired a blog post on the topic:
http://www.sample.org.uk/blog/?action=post&post=firefox_security_overhaul

Changed 12 months ago by atul.toolness.com

  • milestone changed from Ubiquity 0.1.3: Lexivore to Ubiquity 0.1.4: Not Named

Changed 8 months ago by atul.toolness.com

  • milestone deleted

Milestone Ubiquity 0.2.1 release deleted

Changed 3 weeks ago by www.google.com/accounts/o8/id?id=aitoawmtb3gjpkmn8lsxu5paedcc7hdyekstayq

  • keywords try-to-reproduce added
  • priority changed from major to blocker
  • component changed from ubiquity-firefox-core to builtin-commands
  • summary changed from CmdUtils.savePassword and CmdUtils.retrieveLogins should use Httprealm for end-user visibilty to Firefox won't quit normally w/ Ubiquity enabled, nom noms memory
