PasswordMaker Forums
Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Feature Requests / Enhancements => Topic started by: Romeo on August 03, 2005, 01:20:23 PM
-
Hi there,
I do not know if this has been discussed before, or if it has, may be it was before we knew about the upcoming account specific auto populate feature.
Here is the idea. In 0.8 there will be a feature to turn on auto poulate for specific accounts. Wouldn't it be neat to have two options. One that is for just auto populate, as described above, and one that is for auto populate plus auto submit?
That way, the password and username gets filled in and PM submits the form automatically.
What do you think?
Romeo
BTW, I don' even ask if it would be possible anymore, because I've come to realize that Eric can make that thing do (almost) anything. :P
-
That way, the password and username gets filled in and PM submits the form automatically.
The auto submit is great. Shouldn't PasswordMaker auto submit by default? What type of instances would there be that you would not want it to submit automatically?
BTW, I don' even ask if it would be possible anymore, because I've come to realize that Eric can make that thing do (almost) anything. :)
So true. So true.
-
Shouldn't PasswordMaker auto submit by default?
I would not want that, because there are web sites which require additional information, such as state, etc. Also, what if you have two accounts in two states, for example, and one day, you want to see your NY account, but he net you wanto to see your NJ account?
So, no, I think this should be optional and I do not see any harm in giving the user a choice.
Romeo
-
I would not want that, because there are web sites which require additional information, such as state, etc. Also, what if you have two accounts in two states, for example, and one day, you want to see your NY account, but he net you wanto to see your NJ account?
So, no, I think this should be optional and I do not see any harm in giving the user a choice.
Romeo
Agreed.
-
BTW, I don' even ask if it would be possible anymore, because I've come to realize that Eric can make that thing do (almost) anything
:D Thanks
My first reaction is that auto-submit is dangerous. Here's why. Let's say you create an account whose When URL Contains field is mail.yahoo.com. Then you happen to navigate to the URL http://mail.yahoo.com.romeo.net. The page at that URL has the same field names as http://mail.yahoo.com (login, passwd) and a form.
If you have auto-submit turned on and navigate to this page, your username/password for your Yahoo! Mail account gets submitted to the hackers at romeo.net. Now they can log into your Yahoo account. :(
One way around this is to change When URL Contains to a drop-down box from which you can select When URL Contains or When URL Equals. I would only permit auto-submit for accounts where When URL Equals has been selected.
Thoughts?
-Eric
-
Eric,
Very good comment. I hadn't thought about it that way way. I gues that is why you are the creator and we just get to add our two cents worth.
When URL Equals.
When you say this, I assuming that you are saying when URL is equal to or begins with yahoo.com/, right ?
If that is so, it should work, correct ? You could make it so that this automatically gets populated, when you click on the check box, thich says auto submit, or pop up a message warning the user.
Romeo
-
One way around this is to change When URL Contains to a drop-down box from which you can select When URL Contains or When URL Equals. I would only permit auto-submit for accounts where When URL Equals has been selected.
Absolutely, but when you say "Equals", how is a user informed of the exact meaning? Equal to just the domain or the protocol, sub-domain & domain etc?
-
Equal to just the domain
That is exactly what I was trying to say. Thanks quixn.
Romeo
-
This (http://passwordmaker.org/proto/test34.xul) is what I mean (only works in FF/Mozilla/Netscape).
Whatever text you enter must be precisely what is in the address URL, protocol included.
-
Eric, that should work, but when URL equals is not selected, the auto submit should be grayed out, right ?
Romeo
-
Absolutely!!
-
I really like this idea, and it sort of supplants - or at least modifies - my request for 'Auto & Manual Modes'...
Basically, you have added two parts to the Auto mode - Auto populate, and Auto submit - and gone even further by allowing this to be enabled/disabled on a per Account basis.
I LOVE it!
Ok, I'm going to spend some time this weekend and compare these requests and see where they differ, and try to come up with a new request that takes into account this one.
charles
-
Was this ever added to the feature request list?
-
Not yet - I got kinda busy this weekend, and still going at it. I'll get it done this week though.
-
Ok...
Eric, basically what I'd like to do is resubmit my 'Manual/Auto' feature request. I've actually decided to whittle it down and make it simpler. I haven't finished writing it up, but wanted to ask you how I should [re]submit it...
This 'Auto-Submit' feature should simply be a secondary option on the 'Auto-populate' functionality, and should be easy to integrate with my request if/when you ever get to it.
Anyway - should I simply 'Edit' my request and make the changes? Or create a new Request? I've already created 2 or 3 versions of this one, and don't want to create any more clutter than necessary.
I should be done writing it up tonight, and will submit it then.
Thanks
Charles
-
Hi Charles,
I haven't finished writing it up, but wanted to ask you how I should [re]submit it...
Tyrantmizar can remove your old request and replace it with your new one at the top of this thread (http://forums.passwordmaker.org/index.php?showtopic=167).
Anyway - should I simply 'Edit' my request and make the changes? Or create a new Request? I've already created 2 or 3 versions of this one, and don't want to create any more clutter than necessary.
Just create a new post. Try not the focus on what the request isn't (i.e., how it differs from the previous request), but instead what it is.
should be easy to integrate with my request if/when you ever get to it.
I will absolutely get to it!
Regards,
Eric
-
when URL equals is not selected, the auto submit should be grayed out, right ?
Please be sure the hover-tip (tooltip? what's that called?) explains *why* it's greyed out - I hate it when I can't do something and I don't have a clue why I can't...
(like the "New Account" button - only works if I've got a group highlighted; not an account within that group. Discovered it quickly, but confused me at first. For that matter, why *can't* I create a new account within that group if I've got an account highlighted? PM knows what group I'm in, doesn't it?
- Al -
-
Please be sure the hover-tip (tooltip? what's that called?) explains *why* it's greyed out - I hate it when I can't do something and I don't have a clue why I can't...
I agree.. good idea...
(like the "New Account" button - only works if I've got a group highlighted; not an account within that group. Discovered it quickly, but confused me at first. For that matter, why *can't* I create a new account within that group if I've got an account highlighted? PM knows what group I'm in, doesn't it?
It's called - a feature request... ;)
Hello again Al,
Have you seen the Feature Request Thread (http://forums.passwordmaker.org/index.php?showtopic=167) yet? That's where suggestions like this go...
Also, if you add one for this, please take into account - no pun intended :silence: - that 'Clone Account' is already planned - so when you have an Account already selected, there should be *two* choices - Clone Account, or New Account - which one should be default?
I'm still digesting your comments on the Synching... <burp> excuse me - I'm not a programmer, so having a hard time keeping up - google is my friend - google is my friend...
-
(like the "New Account" button - only works if I've got a group highlighted; not an account within that group. Discovered it quickly, but confused me at first. For that matter, why *can't* I create a new account within that group if I've got an account highlighted? PM knows what group I'm in, doesn't it?
It's called - a feature request...
Heh-heh - I'll go add it there - New/Clone thoughts there too.
Have you seen the Feature Request Thread yet? That's where suggestions like this go...
I've seen it - and I like the idea that I can vote for my preferences! (and of course Eric still gets to decide what he works on in what order - as a programmer, I understand that part implicitly! :)
I just figured all my suggestions are so good that everyone'd immediately vote 'em to the top... :D
I felt it more important to get my features requested before going and voting - I tend to forget things if they're not written down...
Will do so soon though.
I'm still digesting your comments on the Synching... <burp> excuse me - I'm not a programmer, so having a hard time keeping up - google is my friend - google is my friend...
Yeah, me too after your response... Google and Wikipedia - where would we be without 'em? (and broadband access - I'd almost rather not go on vacation if I've gotta use dialup... :)
- Al -
-
Eric,
I was reading this Feature Request (Auto-Submit and When URL Equals options) and your comments on "When URL Equals".
I have a couple of Yahoo accounts - when I go to a yahoo login screen, the "Choose Account" window pops up - here is where I would love to have the auto submit. The problem is (or maybe) right now with "When URL contains = yahoo.com" it works for all the places I might log in like:
http://mail.yahoo.com/ (http://mail.yahoo.com/)
http://groups.yahoo.com/ (http://groups.yahoo.com/)
http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us (http://login.yahoo.com/config/login?.done=http://groups.yahoo.com%2fgroup%2feditplus%2fmessages&.src=ygrp&.intl=us)
This last one is when I go directly to a group and then select Login.
How will this work with "When URL Equals"?
Because I have the "Choose Account" window pop up - I don't feel like I need the protection of "When URL Equals" if it will not work with all the different logins I may encounter on Yahoo.
So there may need to be a global setting for "Use Auto-submit with Choose Account window" or something like that...
-
The problem is (or maybe) right now with "When URL contains = yahoo.com" it works for all the places I might log in like:
http://mail.yahoo.com/ (http://mail.yahoo.com/)
http://groups.yahoo.com/ (http://groups.yahoo.com/)
http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us (http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us)
How will this work with "When URL Equals"?
Excellent question. Similar to Multiple "When URL Contains" entries (http://forums.passwordmaker.org/index.php?showtopic=88), I think we'll have to provide multiple entries for "When URL Equals" for auto-submit. Sound reasonable?
-
Excellent question. Similar to Multiple "When URL Contains" entries (http://forums.passwordmaker.org/index.php?showtopic=88), I think we'll have to provide multiple entries for "When URL Equals" for auto-submit. Sound reasonable?
Eric,
I'm not sure that would be the best way to implement it. The problem for me is logging in at:
http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us (http://login.yahoo.com/config/login?.done=http://groups.yahoo.com%2fgroup%2feditplus%2fmessages&.src=ygrp&.intl=us)
How much of this URL line is needed for "When URL Equals". If ALL of it then for every yahoo group I belong to I would need to add such a line to the "When URL Equals" list to get the Auto-Submit to work. This seems excessive. Or maybe I'm not inderstanding the "when URL equals" and auto-submit requirements.
-
For yahoo, it seems like the when URL equals field only really needs login.yahoo.com (include the http:// for good measure)
-
For yahoo, it seems like the when URL equals field only really needs login.yahoo.com
But major's point is that when he clicks a link to log into a group, the URL won't equal login.yahoo.com. It will equal http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us (http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us). Yes, it will contain login.yahoo.com, but we talked about auto-submit only working with equals for security.
-
But major's point is that when he clicks a link to log into a group, the URL won't equal login.yahoo.com. It will equal http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us (http://login.yahoo.com/config/login?.done=...c=ygrp&.intl=us). Yes, it will contain login.yahoo.com, but we talked about auto-submit only working with equals for security.
The more I think about this, the less I like the idea that I HAVE to use "When URL Equals" in order to use Auto-submit. I understand that the reason for this is to protect against submitting a password to a spoofed site. And for many people this may be a good thing - but - it is not a one size fits all situation.
For instance, I would use the auto-submit for all of my low-risk sites - those sites, were if my username/password was compromised, would not threaten my financial informtaion or enable my identity to be stolen. These are sites like: newsvine, yahoo, gmail, any forums or support sites, etc. For example, there really is no risk if my password and username to the PMW forum was compromised.
Also, my 'home page' is actually an HTML page on my hard disk that contains all the links to my regular sites. The only way I go to secure sites is through a link on my 'home page'. This is another level against url spoofing.
All in all, it sounds like you (the universal you, not just Eric) are trying to protect me from me - and in doing this you are making it harder for me to use the software in the way I would like to use it - doesn't this sound an awfully lot like Microsoft's attitude.
So my suggestion is to implement Auto-Submit so it defaults to "When URL Equals" but allow me to change it to "when URL contains" - please.
(I hope that doesn't sound angry - it's not <g> - it's just really hard these days to feel like I'm in charge of my own computer!)
-
You got it. It will be up to the user to decide. Caveat emptor (http://en.wikipedia.org/wiki/Buyer_beware).
-
You got it. It will be up to the user to decide. Caveat emptor (http://en.wikipedia.org/wiki/Buyer_beware).
Thanks!
-
You got it. It will be up to the user to decide. Caveat emptor (http://en.wikipedia.org/wiki/Buyer_beware).
Thanks so much for the Latin lesson.
But, I agree completely, make it optional. Preferable, only allow the user to use the protocol, the host, the domain ... to put in there, In other words, do not allow anything that does not start with http:// or https://, (the protocol, I believe). But, then again, that is just my opinion.
-
In other words, do not allow anything that does not start with http:// or https://, (the protocol, I believe). But, then again, that is just my opinion
I'm going to leave it completely up to the user. I think suggestions like that (begin all your URLs with a protocl) should be put in the manual!
-
I'm going to leave it completely up to the user. I think suggestions like that (begin all your URLs with a protocl) should be put in the manual!
OK, I am good with that. I just thought I would bring it up.
-
I agree with leaving this up to the user, but I also think that a great big fat ugly warning should be displayed whenever someone enables auto-submit without a When URL EQUALS - just to maintain clean hands...
-
Ok, good idea.
-
I agree with leaving this up to the user, but I also think that a great big fat ugly warning should be displayed whenever someone enables auto-submit without a When URL EQUALS - just to maintain clean hands...
Excellent idea. I am not sure how much of an explanation Eric will be able to put into the warning, but the more, the better.
-
I like this idea. Please count my vote.