Dave Booth wrote:
> David Tenser wrote:
>
>> Sometimes my ISP isn't working properly. If Mozilla can't connect
>> on the first try, it will prompt for my password, even though I
>> stored previously. Why?
>>
>> Sometimes servers have problems, why must Mozilla forget the
>> password stored just because it didn't successfully login *once* ?
>>
>> / David
>
> just my 0.02 but forgetting the password if authentication fails and
> never using it again without confirmation from the user is much safer
> than the alternatives. Bug 133525 indicates the potential results of
> doing anything else. In fact, if the behaviour indicated in 133525 is
> anything to go by, Mozilla is only forgetting it after trying multiple
> times - enough to cause account lockouts if it's sending the wrong one.
> I've seen it try a bad password once for every subscribed folder on an
> IMAP server (with check_all_folders_for_new enabled), blowing my
> account out of the water before I see a single password dialog.
> Retrying with the same password is fine if the *connection* failed but
> once connected an authentication failure should (IMHO) assume that the
> stored password is bad and forget it immediately.

This doesn't make sense. If I've checked that I want Mozilla to remember the password, I've already compromised my security. So why would I want Mozilla to throw away the stored password just because a login failed? How does that make Mozilla more secure?

Ok, if the PASS command failed, it could warn me and prompt for the password, but since I've previously stored that password, it should appear in the dialog (as "*********"). Currently, the password field is totally empty, so I have to go to my office desktop and grab the paper with the password from my ISP and manually enter it in the password field again. Very annoying.

/ David
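
The policy argued for in the quoted reply (retry on a connection failure, stop replaying the stored password after one authentication failure), as an added sketch that is not part of either post and is not Mozilla's code. `Outcome`, `StoredPasswordGate`, `try_login` and `prompt_user` are hypothetical names, and one gate object is assumed to be shared by all folder connections of an account.

```python
from enum import Enum, auto


class Outcome(Enum):
    OK = auto()
    CONNECT_FAILED = auto()  # never reached the server's login step
    AUTH_FAILED = auto()     # server saw the credentials and refused them


class StoredPasswordGate:
    """Hypothetical per-account policy shared by every folder connection."""

    def __init__(self, stored_password, max_connect_retries=3):
        self.stored_password = stored_password
        self.max_connect_retries = max_connect_retries
        self.rejected = False    # set once the server refuses the stored password
        self.auth_failures = 0   # failed logins that count toward a lockout

    def login(self, try_login, prompt_user):
        """try_login(password) -> Outcome; prompt_user() -> str, or None on cancel."""
        # A password the server already refused is never replayed silently.
        password = None if self.rejected else self.stored_password
        connect_failures = 0
        while True:
            if password is None:
                password = prompt_user()
                if password is None:
                    return False             # user cancelled the dialog
            outcome = try_login(password)
            if outcome is Outcome.OK:
                # Accepted by the server: keep it for the other connections.
                self.stored_password, self.rejected = password, False
                return True
            if outcome is Outcome.CONNECT_FAILED:
                connect_failures += 1
                if connect_failures >= self.max_connect_retries:
                    return False             # give up, but keep the password
                continue                     # same password: nothing was refused
            # AUTH_FAILED: block every other connection from resending it.
            self.auth_failures += 1
            self.rejected = True
            password = None
```

With a stale stored password and five subscribed folders, the server sees one failed login instead of five, and an outage alone never triggers a prompt.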
