Manage PTAGIS accounts
From PTAGISWiki
The Firefox "Remember Passwords" feature will cause the inadvertent overwriting of other user's passwords when using the Manage Account > Manage Accounts page in the PTAGIS web site unless the following precautions are taken.
The Manage Accounts page looks like this:
The password field highlighted in red is meant for changing the password for the selected user, but Firefox will see that password field as an opportunity for you to log in and will enter your password unless you tell it not to do so.
The relevant options in Firefox are under Preferences > Security as shown below:
If you are using the feature of "Remember passwords for sites" then you should create an exception for http://www.ptagis.org as shown to avoid this undesirable interaction with the Manage Accounts page.
More details
The desired behavior would be that Firefox remembers the password and automatically provides it for the login page of the site. Furthermore, it would not provide the password when visiting or making changes to the Manage Accounts page. This page has a password field, but it is meant for changing another user's password. The Manage Accounts page does not have a user name field, only a password field, so it shouldn't look like a login opportunity to Firefox.
The relevant settings in Firefox are:
- Remember passwords for sites
- This setting controls whether Firefox will gather passwords into its internal store. It does not have any effect on whether the already existing passwords will be presented to forms or not.
- Remember passwords for sites, exceptions
- This setting eliminates certain URLs from having their passwords saved in Firefox's internal store. It does not have any effect on whether already saved passwords will be presented to forms.
- Show passwords
- Lists the URLS, usernames, and passwords in Firefox's internal store that will be presented to forms for auto-filling.
If "Remember passwords" is enabled, and http://www.ptagis.org is not present in the Exceptions, and a password is not already stored for http://www.ptagis.org, then logging in will present the user with the option to "Save this password", "Never save passwords for this site", or "Not now".
Saving the password at this point will create an entry in Firefox's password store with the URL http://www.ptagis.org, the username, and password.
Now, without changing any settings, visiting the Manage Accounts page, clicking on the demo1 account, and submitting changes, brings up a confirmation box for remembering a password, as if a password were entered, even though one was not entered by the user and there should not be a match in Firefox's password store for this URL and username, since username is blank.
Selecting "Not now" continues with the form submission and the password for demo1 has now been erroneously replaced.
Selecting "Remember" at this point creates an entry in Firefox's password store with the URL http://www.ptagis.org and username of <>.
Using the Manage Accounts page to set the password for user demo1 causes Firefox's password store to have an entry for URL http://www.ptagis.org, username <>, and the correct password. However, leaving and returning to the Manage Accounts page causes Firefox's password store to change the entry for URL http://www.ptagis.org and username <> to have the same password as the entry for URL http://www.ptagis.org and username rday. This change takes place before the form is submitted, so if no changes are manually made to the form and it is submitted, the password for user demo1 is now replaced by the password for user rday.
