Author Topic: Protected Website Login Pop-ups`  (Read 13341 times)

Offline tanstaafl

  • Administrator
  • *****
  • Posts: 1363
Protected Website Login Pop-ups`
« on: September 12, 2005, 08:13:16 PM »
Not sure what they are technically called, or if this is even possible - wait, I forget, Eric can do anything!  heh...

Anyway, would it be possible to make PM work with .htaccess protected websites that pop-up a little window to login?

At least, I tried to set up an account for one of these, but it didn't populate anything when I hit Alt-`.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
Protected Website Login Pop-ups`
« Reply #1 on: September 12, 2005, 10:43:36 PM »
This was actually already requested in the original feature request list way back when we were on http://passwordmaker.mozdev.org, but I don't see it in the current Feature Request List. It must not have made the jump.

Quote
Not sure what they are technically called, or if this is even possible
This is called "HTTP Basic Authentication" (example) and, yes I can put this into PasswordMaker.

Tyrantmizar--can you add it to the list?

Thanks,
Eric
« Last Edit: April 12, 2006, 03:31:23 AM by Eric H. Jung »

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
    • http://www.wprus.com
Protected Website Login Pop-ups`
« Reply #2 on: September 12, 2005, 11:29:31 PM »
If I had a vote left, I would vote for it.  I didn't think that was possible, but I think it would be a very good idea to have this feature.
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Tyrantmizar

  • Sr. Member
  • ****
  • Posts: 307
    • http://tyrantmizar.blogsome.com/
Protected Website Login Pop-ups`
« Reply #3 on: September 13, 2005, 12:50:22 AM »
Added as "Populate HTTP Basic Authentication"
Tyrantmizar
- <a href="http://tyrantmizar.blogsome.com/">Check out my blog</a> (shameless plug :P)
- Lord of the Feature Requests / Enhancements Forum - BWAHAHAHAHA!!!!
- Lord of the other one, the [url=http://forums.passwordmaker.o

Offline tanstaafl

  • Administrator
  • *****
  • Posts: 1363
Protected Website Login Pop-ups`
« Reply #4 on: September 13, 2005, 11:29:35 AM »
Way cool!

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
Protected Website Login Pop-ups`
« Reply #5 on: October 05, 2005, 08:09:08 PM »
From here:

Quote
Personally that request is one of the more essential features on this list (and apparently, 3 people agree with me). Here's to that one getting added!
FWIW, I've already spent days trying to get that feature to work. 3 other developers weighed in with their opinions on how to do it. Nothing so far has worked. It's been humbling and I'm quite discouraged, but I"ll keep plugging away.
« Last Edit: October 05, 2005, 08:09:45 PM by Eric H. Jung »

Offline tanstaafl

  • Administrator
  • *****
  • Posts: 1363
Protected Website Login Pop-ups`
« Reply #6 on: October 05, 2005, 08:13:36 PM »
Ouch...

Well, then maybe the best thing to do is Table it unless/until you get some inspiration. It would be great to have, but there are other features that will be just as great... ;)

Offline TMXOD

  • Normal Members
  • *
  • Posts: 6
Protected Website Login Pop-ups`
« Reply #7 on: April 14, 2007, 01:10:53 PM »
Quote from: Eric H. Jung
From here:
FWIW, I've already spent days trying to get that feature to work. 3 other developers weighed in with their opinions on how to do it. Nothing so far has worked. It's been humbling and I'm quite discouraged, but I"ll keep plugging away.


Quote from: tanstaafl
Ouch...

Well, then maybe the best thing to do is Table it unless/until you get some inspiration. It would be great to have, but there are other features that will be just as great...
Throwing my hat into the ring here, but I believe I have a possible solution to this problem:

HTTP Basic auth can be used in two ways: through the prompt, which I suppose is hardened to prevent malicious extensions from modifying (just like Firefox's master password prompt), or through the URL (basic auth URL pattern is "(protocol)://(username):(password)@(host)/(path)"), so the best way I see of accomplishing this would be to detect when the server replies with the need of authentication, then abort the connection, process the master password, and resubmit the URL using the format above (using the capabilities of extension such as "LiveHTTPHeaders" or "Tamper Data", or coding the necessary things into PWM).
« Last Edit: April 14, 2007, 01:11:33 PM by TMXOD »

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1152
  • Programmer
    • http://www.miquelfire.com/
Protected Website Login Pop-ups`
« Reply #8 on: April 15, 2007, 02:30:20 AM »
Since we can't see where the URL is going to, it's not easy to do.

Dude, you caused me to think up something that MIGHT be helpful in solving this issue! There are extensions that can record the HTTP headers and show them to the user right? What I'm thinking is that we can somehow log HTTP header traffic, and use the info with that to find out the URL a HTTP auth pop-up belongs to!

Step 1, examine one of them extensions and see how they work.
Step 2, see if idea will work at all.
Step 3, ...
Step 4, Profit?

Okay, no more jokes like that again...
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
Protected Website Login Pop-ups`
« Reply #9 on: April 20, 2007, 02:32:30 PM »
I think we can safely say this won't get implemented.

PasswordMaker Forums

Protected Website Login Pop-ups`
« Reply #9 on: April 20, 2007, 02:32:30 PM »

 

anything