Input field shows my user names and passwords
I have an input field -><input name="Description" type="text" id="Description" value="<?php echo $row_TicketItemTable['Description']; ?>" size="70" />
When I click into to it it shows: This connection is not secure. Logins here could be compromised. ver 68.0.1
and on another field it displays logins and passwords that have been saved. This is must be corrected.
Endret
All Replies (7)
Firefox 51+ will mark HTTP connections with a padlock with a strike through and shows "Connection is Not Secure" if you click the Control Center 'i' button at the left end of the location/address bar.
You can press the ESC key to close a doorhanger with a warning message in the name and password field.
You can disable the warning that opens when you type in a name/password field by setting this pref to false.
- security.insecure_field_warning.contextual.enabled = false
You can remove the warning in the location bar by setting this pref to false on the about:config page.
- security.insecure_password.ui.enabled = false
See also:
sam9030 said
This connection is not secure. Logins here could be compromised
https://support.mozilla.org/en-US/kb/insecure-password-warning-firefox There is a hidden preference to turn off the warning on the login form if it really annoys you and you think it will never be of value. Here's how:
Type about:config<enter> in the address bar. If a warning screen comes up, press the I Accept the Risk button. At the top of the screen is a search bar. Set;
security.insecure_field_warning.contextual.enabled = False security.insecure_password.ui.enabled = False
and on another field it displays logins and passwords that have been saved. This is must be corrected.
Please explain the problem in detail.
Hi sam9030, is this all happening on the same page?
- text input name="Description" triggers an insecure login warning (because it's an HTTP page and not HTTPS, or because the form submits to an HTTP URL)
- is this field part of a login form?
- username text input drop-down lists usernames previously used on that site (even if it's an HTTP page)
- presumably you have Firefox's password manager enabled? do you prefer that it not work at all on HTTP pages?
- password input drop-down lists usernames previously used on that site (even if it's an HTTP page)
- passwords should never be displayed, only the username
This does NOT solve the problem in that this field IS NOT a password field.
<input name="Description" type="text" id="Description" value="<?php echo $row_TicketItemTable['Description']; ?>" size="70" />
There is another field after this one
<td width="10%"> <?php if ($row_StationTable['BlockPrices']=='N') { ?> Price Overide Code <input name="password" type="password" id="password" size="8" maxlength="8" onfocus="MoveCursor('Password')" /> <?php } ?> </td>
if I remove the second field then the first field acts correctly.
Endret
Firefox shows the username(s) as suggestions for the password field. The usernames are shown, but the password that belongs to a username is filled when you select a username from the list, so do not get confused by seeing usernames as suggestions in the password autocomplete drop-down list.
I changed the name of the field from Description and no help. So far only removing the password field following solves my problem but now cannot use the password field. The other item is that this page 'can' be executed via HTTPS but I don't have a certificate as of yet.
My guess based on what you've tried so far is that Firefox assumes a text input before a password input must be a username field. Obviously not in this case.
What if you put this above the password field, below the description field?
<input type="text" name="username" style="display: none" value="">