webextension vs. master password timeout

Amy Tsay atsay at mozilla.com
Tue Aug 1 15:58:10 UTC 2017


Hi Peter,

Before deciding whether to file a bug, please take a look at this: 
https://wiki.mozilla.org/WebExtensions/NewAPIs

This will help us avoid duplicates and speed up the triage process--thanks!

Amy
> Bob Silverberg <mailto:bsilverberg at mozilla.com>
> August 1, 2017 at 8:45 AM
>
>
> On Tue, Aug 1, 2017 at 8:57 AM, <grinapo+mozilladev at gmail.com 
> <mailto:grinapo+mozilladev at gmail.com>> wrote:
>
>
>     Which API is supposed to:
>     - expire the master password?
>
>
> Nothing exists or is currently planned for this.
>
>     - expire http auth password?
>
>
> I am fairly sure that nothing exists or is currently planned for this 
> either.
>
>     - manipulate the password database?
>
>
> A logins API [1] is in the pipeline and is undergoing a security review.
>
> For the ones that are not currently planned, I would suggest opening 
> bugs detailing exactly what you feel you need from an API, and 
> providing use cases for any APIs you are requesting.
>
> Thanks,
> Bob
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1324919
>
> _______________________________________________
> Dev-addons mailing list
> Dev-addons at mozilla.org
> https://mail.mozilla.org/listinfo/dev-addons
> grinapo+mozilladev at gmail.com <mailto:grinapo+mozilladev at gmail.com>
> August 1, 2017 at 5:57 AM
> Hello,
>
> There are some addons for a master password timeout feature (which, in
> turn, seems to be an obviously compulsory feature, but that's for
> another day), which have been killed as most of the useful addons around
> ("not multiprocess compatible", "LEGACY").
>
> I checked the code and it's, like, 1 line:
>
> Components.classes["@mozilla.org/security/pk11tokendb;1"]
> .getService(Components.interfaces.nsIPK11TokenDB)
> .findTokenByName("").logoutAndDropAuthenticatedResources();
>
> I'm no addon dev, so I have tried to search for anything password
> related (being curious about the future of Saved Passwords Editor addon
> as well), but unfortunately found nothing.
>
> Your experience and wisdom are required.
>
> Which API is supposed to:
> - expire the master password?
> - expire http auth password?
> - manipulate the password database?
>
> (Please refrain from telling me to use something else, unless you back
> it up by real security-related facts, I mean those who insist MP is
> insecure but fail to detail how, apart from their personal taste. The
> question is about solving a problem, not avoiding it.)
>
> Thanks,
> Peter