Automatic fill in Problem with Firefox

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Automatic fill in Problem with Firefox

Post by AGISB »

I got a problem, that came up with the new Firefox 3.

I got several projects, wehre people can login with an id or a nickname. They cannot change the id but I do allow to change a nickname that might be easier for them to remember. This function requires the password of the user to change the nickname to avoid collegues that use a break of the user to change stuff on their computer. It worked like a charm until Firefox 3 an its agressive password fill in function.

Now no matter what I do it fills in the password if I choose the correct current nickname. Even if I rename the fields it seems it just takes the next password field and puts the correct password in. Even if I prefill the pw field it is overwritten by the autofill in :x

This of course defeats the purpuse completely. Any ideas or solutions out there to block that function?
SomeoneE1se
Forum Newbie
Posts: 20
Joined: Sat May 31, 2008 2:53 am

Re: Automatic fill in Problem with Firefox

Post by SomeoneE1se »

You can delete the saved passwords, from what you describe this would seem to be the only way. Also it's a bad idea to have Firefox remember any passwords.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Automatic fill in Problem with Firefox

Post by Mordred »

This is a client issue, not your problem. You may warn the user if you want to.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Automatic fill in Problem with Firefox

Post by Eran »

make sure you don't name the input fields with standard names like 'email' ,'username' and 'password' - firefox will immediately pick that up. If its a unique name, firefox asks the users whether to save the password or not - if they click 'yes', there is nothing you can do about it.
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Re: Automatic fill in Problem with Firefox

Post by AGISB »

I have given the fields unique names to prevent bots form just easily fill in fields. My problem is now, that the password was saved in the initial sign up process but gets filled in at a totally different point of the site into fields that even have different names as well.

I know it is a client problem but it also seems to me as a firefox bug to fill in passwords at differnt places throughout the site. I hoped that there would be a trick to prevent it but I guess I have to live with it. It even saves the password now when I md5 it with javascript :cry:
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Automatic fill in Problem with Firefox

Post by Benjamin »

I thought I read someplace that you set autocomplete="off" or something to disable this. I would try that.

Also, a bit of js may do the trick. I'm sure there is an easy way to do it.
mikeymike
Forum Newbie
Posts: 1
Joined: Tue Aug 19, 2008 9:57 am

Re: Automatic fill in Problem with Firefox

Post by mikeymike »

I had the same problem, and I found a hack for this: put into your html page the very before your password field an another password field with display: none option, like this:

<input type="password" style="display: none" />
<input... --your password field goes here -- .../>

Strange solution, but it works.
Post Reply