The original question was is there a way to have 'security.insecure_password.ui.enabled' only be 'false' for certain hosts/domains ...
I believe the answer is no (with or without CCK2) James Pearson Kaply Consulting wrote: > For that, all you can do is change a preference > > security.insecure_password.ui.enabled > > Set it to false and you won't see the "insecure password" warning. > > Mike > > On Sun, May 21, 2017 at 4:00 PM, Mossroy <[email protected]> wrote: > >> Sorry, I had misunderstood your previous email. I thought you were talking >> about a way to put some domains in a white-list for the unsecure >> login/password forms warning (when the authentication is sent in clear >> text, with no encryption). >> >> Le 21/05/2017 à 22:50, Kaply Consulting a écrit : >> >> Sure. >> >> If you go to Certificates->Overrides, you can specify domains for which >> the certificate security information is bypassed. >> >> So you can add domains that have self signed certificates, for instance. >> >> Mike >> >> On Sun, May 21, 2017 at 9:33 AM, Mossroy <[email protected]> wrote: >> >>> Mike, can you elaborate on how to do that with CCK2? >>> >>> I did not find a relevant parameter in the UI of CCK2 2.2.3.2 >>> >>> Regards, >>> >>> Mossroy >>> >>> Le 11/05/2017 à 16:44, Kaply Consulting a écrit : >>> >>> You can do this with the CCK2 but it has to be individual domains. >>> >>> Mike >>> >>> On May 11, 2017 10:04 AM, "carré, denis" <[email protected]> >>> wrote: >>> >>> Cost is not the point. >>> >>> All our external (internet published websites with authentication and/or >>> giving access to data) website already use standard or wildcard >>> certificates, >>> >>> Certificates signed with our own CA (and our CA certificate is known by >>> firefox) are costless too, and some of our internal webapps use some of >>> them. >>> >>> For some other webapps we use a NGINX SSL reverse proxy. >>> >>> But for others it's simple not possible. For several reasons, technical, >>> historical... >>> >>> Some developpers we bought software from just don't support the use of >>> SSL, for example. >>> Some webapps present APIs hard coded in pieces of software or office >>> macros, and so on. >>> >>> Anyway, the question is not how much costs a certificate (I have quite a >>> precise idea of it, thanks) but how to make firefox consider our internal >>> web sites (and only them) as secure, whether they use SSL encryption or >>> not, and still having this warning for external (internet) websites where >>> this warning is more important. >>> >>> Regards, >>> >>> denis >>> >>> >>> Réponse ou transfert de la part de Denis CARRE >>> -----Message d'origine----- >>> De : Enterprise [mailto:[email protected]] De la part de >>> James Andrewartha >>> Envoyé : mercredi 10 mai 2017 03:42 >>> À : [email protected] >>> Objet : Re: [Mozilla Enterprise] whitelist for "unsecure connection" >>> password prompt >>> >>> Hi Denis, >>> >>> On 09/05/17 17:58, carré, denis wrote: >>>> Is it possible to whitelist some specific websites (or domains), so >>>> that users don't see the popup on the password box telling the >>>> connection is unsecure ? >>>> >>>> There's a way to globally disable this feature on the about:config ( >>>> security.insecure_field_warning.contextual.enabled ) but I'd like to >>>> disable it only for specific internal webapps, not globally. >>> >>> Wildcard certificates are under $100/year: >>> >>> https://www.ssls.com/ssl-certificates/comodo-positivessl-wildcard >>> >>> -- >>> James Andrewartha >>> Network & Projects Engineer >>> Christ Church Grammar School >>> Claremont, Western Australia >>> Ph. (08) 9442 1757 >>> Mob. 0424 160 877 >>> _______________________________________________ >>> Enterprise mailing list >>> [email protected] >>> https://mail.mozilla.org/listinfo/enterprise >>> >>> To unsubscribe from this list, please visit >>> https://mail.mozilla.org/listinfo/enterprise or send an email to >>> [email protected] with a subject of "unsubscribe" >>> _______________________________________________ >>> Enterprise mailing list >>> [email protected] >>> https://mail.mozilla.org/listinfo/enterprise >>> >>> To unsubscribe from this list, please visit >>> https://mail.mozilla.org/listinfo/enterprise or send an email to >>> [email protected] with a subject of "unsubscribe" >>> >>> >>> >>> >>> _______________________________________________ >>> Enterprise mailing >>> [email protected]https://mail.mozilla.org/listinfo/enterprise >>> >>> To unsubscribe from this list, please visit >>> https://mail.mozilla.org/listinfo/enterprise or send an email to >>> [email protected] with a subject of "unsubscribe" >>> >>> >>> >>> _______________________________________________ >>> Enterprise mailing list >>> [email protected] >>> https://mail.mozilla.org/listinfo/enterprise >>> >>> To unsubscribe from this list, please visit >>> https://mail.mozilla.org/listinfo/enterprise or send an email to >>> [email protected] with a subject of "unsubscribe" >>> >> >> >> >> _______________________________________________ >> Enterprise mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/enterprise >> >> To unsubscribe from this list, please visit https://mail.mozilla.org/ >> listinfo/enterprise or send an email to [email protected] >> with a subject of "unsubscribe" >> > > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" > _______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
