Jesse Ruderman wrote: > We should consider getting rid of the "insecure form submission" > dialog. Is the dialog useful for getting users to check for the "lock" > icon before typing sensitive data, or do they ignore/disable the dialog > after the first time they do a web search and then forget about the > warning? don't think it's gonna happen
> (Text of dialog: "The information you have entered is to be sent over an > unencrypted connection and could easily be read by a third party. \n\n > Are you sure you want to continue sending this information?") > > In general, I don't like security dialogs that appear often. Some users > leave this dialog enabled, so they're likely to get ready to click > "Continue" after clicking the submit button on a web form, and not read > the dialog. A web site could put up an XPInstall or Signed Script > dialog when the user expects an insecure form submission dialog, and > that would be bad. I agree with you. Please file a bug about it to bugzilla.mozilla.org we do need some means to strongly differentiate different types of alert dialogs, perhaps by icons. In some cases, we could also provide a secondary dialog or window so that the user can revoke his/her decision. For example, for installing components, we can add an "oops, un-install"/"oops, quit download" button on the download status window. > Could we replace this dialog with a one-time dialog like the password > manager intro dialog, or change the checkbox to be unchecked the first > time the user sees the dialog? There's already a checkbox for "don't bother me next time" or something like that for most alert dialogs.
