Password issue with Mozilla Firefox Password issue with Mozilla Firefox
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Password issue with Mozilla Firefox

Started by Sobrietas, September 25, 2009, 12:05:04 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Sobrietas

I want to report a bug in Coppermine.
When you login to Coppermine 1.4 with Mozilla Firefox (v3.5.3) and alter the thumbnail of an album, Coppermine puts a password on that album en shifts accessability to 'only me'.
The only way to solve that now is removing the password in Firefox, logging in again, remove that password Coppermine has put on the album and change the album to 'public' again.

Joachim Müller

Thanks for your readiness to share what you consider a bug in coppermine, but that's a feature of your browser as far as I can tell that you can turn off if it bothers you.
Yours is anyway not a genuine bug report; it doesn't even qualify as valid support request, as you failed to post a link to your gallery although that is mandatory as per board rules.
If you're still convinced that you have discovered a genuine bug, then post a link to your gallery.

onthepike

I cannot reproduce your issue exactly, but I have both seen a similar issue and experienced one myself, though neither are the fault of Coppermine. The issue pertains to the use of "Auto Fill" (a generic browser term) and/or the use of third-party login software, such as Norton Internet Security in my case (for example).

Anytime there is a password "textarea" on a given page, a browser will afford the option to save that information for later use. As will third-party login software such as NIS described above. The problem is, neither the browser settings nor software settings recognize this page as a "settings" page, but instead a "login page" due to the password input area. So, assuming you had set an admin password prior, that password will be placed within the password field thereby enabling a password-protected album upon submit by virtue of placing the previously used password into that field. And many times it goes unnoticed.

There are many way to work around and resolve this issue. I would first check my browser settings and disable "auto fill" and test. Then, move onto any thrid-party login software (if applicable) and delete the cookie and test. But knowing you use only FF (where I use IE) and not knowing if you use any other login software, it's difficult to give you exact instructions for resolution.

Are you using third-party login software? Have you reset auto-fill?

Try these steps and let us know if they were of any help.

Sobrietas

Quote from: Joachim Müller on September 25, 2009, 12:45:35 PM
Thanks for your readiness to share what you consider a bug in coppermine, but that's a feature of your browser as far as I can tell that you can turn off if it bothers you.
Yours is anyway not a genuine bug report; it doesn't even qualify as valid support request, as you failed to post a link to your gallery although that is mandatory as per board rules.
If you're still convinced that you have discovered a genuine bug, then post a link to your gallery.

Thanks for your reply. Indeed i can turn off the password feature in Firefox, but still i think it is a bug that CM uses the login password to 'lock' an album when you change the thumbnail. The link to the considered gallery is http://www.beeldjagers.nl/gallery/index.php?cat=10035.

Sobrietas

Quote from: onthepike on September 25, 2009, 12:46:10 PM
I cannot reproduce your issue exactly, but I have both seen a similar issue and experienced one myself, though neither are the fault of Coppermine. The issue pertains to the use of "Auto Fill" (a generic browser term) and/or the use of third-party login software, such as Norton Internet Security in my case (for example).

Anytime there is a password "textarea" on a given page, a browser will afford the option to save that information for later use. As will third-party login software such as NIS described above. The problem is, neither the browser settings nor software settings recognize this page as a "settings" page, but instead a "login page" due to the password input area. So, assuming you had set an admin password prior, that password will be placed within the password field thereby enabling a password-protected album upon submit by virtue of placing the previously used password into that field. And many times it goes unnoticed.

There are many way to work around and resolve this issue. I would first check my browser settings and disable "auto fill" and test. Then, move onto any thrid-party login software (if applicable) and delete the cookie and test. But knowing you use only FF (where I use IE) and not knowing if you use any other login software, it's difficult to give you exact instructions for resolution.

Are you using third-party login software? Have you reset auto-fill?

Try these steps and let us know if they were of any help.

Thanks for the reply. Considered this particular gallery i just have user rights. I don't use third party login software. Removing the password cookie in Firefox solves the issue, but it took quite a while to recover that solution, that is why i posted the issue.

onthepike

Quote from: Sobrietas on September 25, 2009, 12:58:42 PM
Still i think it is a bug that CM uses the login password to 'lock' an album when you change the thumbnail.

No, I don't believe this to be true. This, your issue, is a browser/cookie issue and not related to Coppermine directly. Some of the possible reasons have been outlined above. But I will repeat: Auto-fill or a third-party login software application is placing your admin password into the password field creating a password protected album upon submit.

onthepike

Quote from: Sobrietas on September 25, 2009, 01:05:07 PM
Thanks for the reply. Considered this particular gallery i just have user rights. I don't use third party login software. Removing the password cookie in Firefox solves the issue, but it took quite a while to recover that solution, that is why i posted the issue.

Users, if configured, may have private albums as well. This is not limited to admins. Usually, however, admins post here while CPG members contact their respective admins.

In any case, when modifying your albums, pay close attention that the password field is left empty.

Sobrietas

Quote from: onthepike on September 25, 2009, 01:16:17 PM
Users, if configured, may have private albums as well. This is not limited to admins. Usually, however, admins post here while CPG members contact their respective admins.

In any case, when modifying your albums, pay close attention that the password field is left empty.

I don't have admin rights on this particular gallery, but i do on another one, so i am familiar with the admin possibilities considered Coppermine.
Thanks again for your advice!