https://bugs.kde.org/show_bug.cgi?id=461972

            Bug ID: 461972
           Summary: remember password should probably be tied to URL and
                    not domain
    Classification: Applications
           Product: Falkon
           Version: 22.08.1
          Platform: Other
                OS: FreeBSD
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: now...@gmail.com
          Reporter: wait...@waitman.net
  Target Milestone: ---

When I use 'remember password' feature, which includes the account login, it
automatically enters the values in any matching field the browser "finds" on
the entire web site / domain, despite any value in the "value" parameter of the
input element. 

For example, if I have a login saved and this input field is at another URL on
the domain, like /plugin/example/info, then it is auto-populated with the login
information stored in the database.

<input type="text" name="username" value="USE THIS VALUE BECAUSE I SAID SO">

The browser ignores "USE THIS VALUE BECAUSE I SAID SO" and instead populates
with the stored username value, which is maybe something like
"myloginusername".

In my opinion the stored login information should be tied to the specific URL
logged in, and just the domain. This is potentially a security issue because
(only for example) a "WordPress plugin" could have username and password fields
that might not be apparent to the user and Falkon would autopopulate these
and potentially transmit to undeserving third parties. There's a lot of moving
parts there but in principle it should only populate the account info on the
specific login URL where it was saved (when the user prompted to save it).
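
The difference between host-scoped and URL-scoped credential matching raised in this report, as an added example that is not part of the original report and is not Falkon's code. The record layout, the function names and the `site.example` URLs are assumptions made for illustration.

```javascript
// Added illustration, not Falkon code. All names and URLs are hypothetical.

// Constructed sample: one login saved on the site's login page.
const saved = [
  { savedUrl: "https://site.example/login", username: "myloginusername" },
];

// Host-scoped lookup: every page on the same host matches the saved login.
function matchByHost(store, pageUrl) {
  const host = new URL(pageUrl).host;
  return store.filter((c) => new URL(c.savedUrl).host === host);
}

// URL-scoped lookup: scheme, host, port and path must equal the page where
// the login was saved. Query string and fragment are ignored.
function matchByUrl(store, pageUrl) {
  const page = new URL(pageUrl);
  return store.filter((c) => {
    const s = new URL(c.savedUrl);
    return s.origin === page.origin && s.pathname === page.pathname;
  });
}

// Models the fill step as the report describes it: a match replaces whatever
// the page author put in the value attribute; no match leaves it alone.
function fill(field, matches) {
  return matches.length > 0 ? matches[0].username : field.value;
}

// Constructed sample: the field from the report, on a non-login page.
const pluginPage = "https://site.example/plugin/example/info";
const field = { name: "username", value: "USE THIS VALUE BECAUSE I SAID SO" };

console.log("host-scoped:", fill(field, matchByHost(saved, pluginPage)));
console.log("url-scoped: ", fill(field, matchByUrl(saved, pluginPage)));
```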
