webextension vs. master password timeout

grinapo+mozilladev at gmail.com grinapo+mozilladev at gmail.com
Tue Aug 1 12:57:50 UTC 2017


Hello,

There are some addons for a master password timeout feature (which, in
turn, seems to be an obviously compulsory feature, but that's for
another day), which has been killed as most of the useful addons around
("not multiprocess compatible", "LEGACY").

I checked the code and it's, like, 1 line:

            Components.classes["@mozilla.org/security/pk11tokendb;1"]
                .getService(Components.interfaces.nsIPK11TokenDB)
                .findTokenByName("").logoutAndDropAuthenticatedResources();

I'm no addon dev, so I have tried to search for anything password
related (being curious about the future of Saved Passwords Editor addon
as well), but unfortunately found nothing.

Your experience and wisdom is required.

Which API is supposed to:
- expire the master password?
- expire http auth password?
- manipulate the password database?

(Please refrain from telling me to use something else, unless you back
it up by real security-related facts, I mean those who insist MP is
insecure but fail to detail how, apart from their personal taste. The
question is about solving a problem, not avoiding it.)

Thanks,
Peter


More information about the Dev-addons mailing list