Thread: mbox download username/password
Further to discussion at PGCon this morning, webkit based browsers no longer display the realm text when displaying password prompts. This was used by our archives code to tell the user what username/password to enter when downloading mbox files (which are loosely protected against bot downloads as they contain email addresses). The attached patch adds a note to the appropriate template to convey the username/password info on the page. It's currently untested as I don't have a pgarchives test environment. Magnus - can you test/apply please? -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Attachment
On Fri, May 20, 2016 at 10:30 AM, Dave Page <dpage@pgadmin.org> wrote:
Further to discussion at PGCon this morning, webkit based browsers no
longer display the realm text when displaying password prompts. This
was used by our archives code to tell the user what username/password
to enter when downloading mbox files (which are loosely protected
against bot downloads as they contain email addresses).
The attached patch adds a note to the appropriate template to convey
the username/password info on the page. It's currently untested as I
don't have a pgarchives test environment.
Magnus - can you test/apply please?
It's not just for mbox files though, it's also for viewing the raw messages. Don't we have the same problem there?
On Fri, May 20, 2016 at 3:20 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Fri, May 20, 2016 at 10:30 AM, Dave Page <dpage@pgadmin.org> wrote:Further to discussion at PGCon this morning, webkit based browsers no
longer display the realm text when displaying password prompts. This
was used by our archives code to tell the user what username/password
to enter when downloading mbox files (which are loosely protected
against bot downloads as they contain email addresses).
The attached patch adds a note to the appropriate template to convey
the username/password info on the page. It's currently untested as I
don't have a pgarchives test environment.
Magnus - can you test/apply please?It's not just for mbox files though, it's also for viewing the raw messages. Don't we have the same problem there?
FWIW, this seems to be treated as a bug in Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=544244 (comment 22 and forward, in particular the reference to the standard at #35)
So perhaps we should give it some time and see if they change?
On Fri, May 20, 2016 at 3:28 PM, Magnus Hagander <magnus@hagander.net> wrote: > > On Fri, May 20, 2016 at 3:20 PM, Magnus Hagander <magnus@hagander.net> > wrote: >> >> On Fri, May 20, 2016 at 10:30 AM, Dave Page <dpage@pgadmin.org> wrote: >>> >>> Further to discussion at PGCon this morning, webkit based browsers no >>> longer display the realm text when displaying password prompts. This >>> was used by our archives code to tell the user what username/password >>> to enter when downloading mbox files (which are loosely protected >>> against bot downloads as they contain email addresses). >>> >>> The attached patch adds a note to the appropriate template to convey >>> the username/password info on the page. It's currently untested as I >>> don't have a pgarchives test environment. >>> >>> Magnus - can you test/apply please? >> >> >> It's not just for mbox files though, it's also for viewing the raw >> messages. Don't we have the same problem there? Urgh, yeah. I guess we could put the note after the "raw" link on each message, but it'll be kinda ugly. > FWIW, this seems to be treated as a bug in Chrome: > https://bugs.chromium.org/p/chromium/issues/detail?id=544244 (comment 22 and > forward, in particular the reference to the standard at #35) > > So perhaps we should give it some time and see if they change? Yeah. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company