The plugin has both false positives and false negatives:
- It does not detect password fields inside an IFRAME (even if the site containing the IFRAME is unencrypted too).
If the false negatives can be eliminated, and a list of excepted sites is included, the plugin will be quite useful.
I agree with previous posters, the big red message is an overreaction. The solution provided by the previous poster is nice, showing only a dialog box.
I also observed the extension doesn't work on some login interfaces on some pages; the method to identify unsecure connections should be refined.
This is actually a 5-star extension, except for the already stated facts that (1) the big red warning is overreacting and (2, more importantly) it also breaks with NoScript.
To everyone who has the same opinion: fortunately there is a trivial fix to it. Go to your Firefox profile, folder "extensions". Then edit the file SSLPasswdWarning@c4i.gmu.edu/chrome/content/SSLPasswdWarning.js
Comment out the line that reads
sslpasswdwarning.displayStaticMessage(doc, messageObj, message,'modalDialog_contentDiv_error');
i.e., change it to
I've tested this (Ubuntu 10.04, FF 3.6.10) and it seems to work correctly. It still displays the alert box once you (try to) submit, so you can still cancel. I verified that when pressing cancel, no data whatsoever is being sent.
1. I really don't like that Big Red Message. It is an overreaction. Just remove it.
2. When NoScript blocks scripts (and it usually blocks scripts for me) that Big Red Message just cannot be closed. FAIL.
I like to see just the second message box when I submit the form. And I want to be _sure_ that no text entered in "*****" box will leave "firefox-bin" process without encryption and without this message box.
But it could also be an even softer variant, like a pop-up badge ("Warning! This password is going to be submitted insecurely").
Also, a list of sites where this warning is to be omitted (like "I know that this site has insecure login") should be useful.
Please test it with NoScript and rerelease.
at this site:
the warning gets generated, but it will not go away no matter how many times I click the "x".
Don't know if it is a conflict with the site, or with another addon, or something else, but I have to remove it til this problem gets fixed.
The red warning after clicking into a password field reminds me of the Amiga BootRom Failure Message.. or looks like an old DOS window.. or looks like these funny lines, arrows or circles which are drawn by free hand & Windows Paint into images where people want to show or highlight something. It looks misplaced.. but it works. ^^
The cursor focus @ password field is lost after closing the warning.. one more click needed. This could be a feature for better security? But it seems to be a 'bug'..
The red warning is NOT shown if.. you open a website where the login form is automatically filled by the Firefox password manager.. and you just have to click on the login button (no need to click into the password field). BUT after clicking the login button.. there is one more warning message. I think.. the red warning could be removed.. the second message works and would be enough.
I like this, by and large, but I would like to see a "whitelist" option to tell it that, for a particular site, I don't *care* that it's insecure. For example, my "journal" is a private blog hosted on my own machine, and whenever I try to log on to add a post, the big red warning box pops up. I'd like to quash that.
Aside from that, this thing is a godsend. Thank you.
Nice job...This extension actually works. Gives you security warning before you send your password over an insecure network.
Works very nicely. Feels and looks like a trustworthy add-on. It correctly identifies when you send a password over an unencrypted connection.
Very nice add on. Nice UI, works with different kinds of pages and browsers. Highly Recommended.
Works as advertised. Warns you when you are about to send a password over the net in plaintext!
Great extension! Works as advertised ;)
This extension is successful in detecting when you are about to send unencrypted sensitive information over the Internet.