Add documentation recommending against autosubmit (#132)
This commit is contained in:
Erayd
@@ -24,6 +24,7 @@ In order to use Browserpass you must also install a [companion native messaging
|
|||||||
- [Modal HTTP authentication](#modal-http-authentication)
|
- [Modal HTTP authentication](#modal-http-authentication)
|
||||||
- [Password store locations](password-store-locations)
|
- [Password store locations](password-store-locations)
|
||||||
- [Options](#options)
|
- [Options](#options)
|
||||||
|
- - [A note about autosubmit](#a-note-about-autosubmit)
|
||||||
- [Usage data](#usage-data)
|
- [Usage data](#usage-data)
|
||||||
- [Security](#security)
|
- [Security](#security)
|
||||||
- [Privacy](#privacy)
|
- [Privacy](#privacy)
|
||||||
@@ -232,6 +233,12 @@ Browserpass allows configuring certain settings in different places places using
|
|||||||
- Custom store locations - badge background color (aka `bgColor`)
|
- Custom store locations - badge background color (aka `bgColor`)
|
||||||
- Custom store locations - badge text color (aka `color`)
|
- Custom store locations - badge text color (aka `color`)
|
||||||
|
|
||||||
|
### A note about autosubmit
|
||||||
|
|
||||||
|
While we provide autosubmit as an option for users, we do not recommend it. This is because, while Browserpass' fill logic is robust and usually reliable, it occasionally gets things wrong and fills something (typically the username) into a field or form where it doesn't belong. If autosubmit is enabled, then this can result in Browserpass _automatically submitting_ sensitive credentials into something that isn't a login form.
|
||||||
|
|
||||||
|
As the demand for autosubmit is extremely high, we have decided to provide it anyway - however it is disabled by default, and we recommend that users do not enable it.
|
||||||
|
|
||||||
## Usage data
|
## Usage data
|
||||||
|
|
||||||
Browserpass keeps metadata of recently used credentials in local storage and Indexed DB of the background page. This is first and foremost internal data to make Browserpass function properly, used for example to implement the [Password matching and sorting](#password-matching-and-sorting) algorithm, but nevertheless you might find it useful to explore using your browser's devtools. For example, if you are considering to rotate all passwords that you used in the past month (e.g. if you just found out that you had a malicious app installed for several weeks), you can retrieve such list from Indexed DB quite easily (open an issue if you need help).
|
Browserpass keeps metadata of recently used credentials in local storage and Indexed DB of the background page. This is first and foremost internal data to make Browserpass function properly, used for example to implement the [Password matching and sorting](#password-matching-and-sorting) algorithm, but nevertheless you might find it useful to explore using your browser's devtools. For example, if you are considering to rotate all passwords that you used in the past month (e.g. if you just found out that you had a malicious app installed for several weeks), you can retrieve such list from Indexed DB quite easily (open an issue if you need help).
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ function attach(element) {
|
|||||||
function view(ctl, params) {
|
function view(ctl, params) {
|
||||||
var nodes = [];
|
var nodes = [];
|
||||||
nodes.push(m("h3", "Basic settings"));
|
nodes.push(m("h3", "Basic settings"));
|
||||||
nodes.push(createCheckbox.call(this, "autoSubmit", "Automatically submit forms after filling"));
|
nodes.push(createCheckbox.call(this, "autoSubmit", "Automatically submit forms after filling (not recommended)"));
|
||||||
nodes.push(createInput.call(this, "username", "Default username", "john.smith"));
|
nodes.push(createInput.call(this, "username", "Default username", "john.smith"));
|
||||||
nodes.push(createInput.call(this, "gpgPath", "Custom gpg binary", "/path/to/gpg"));
|
nodes.push(createInput.call(this, "gpgPath", "Custom gpg binary", "/path/to/gpg"));
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user