Bob Brannon said:
"Then try deleting the associated userid again. You should get the prompt
that doing that will delete *both* the userid and the password as a pair."
If by doing the above you mean to delete the userid from the form on the
PayPal Web Page, I did try that just now. When I did, I did not get any
message at all.
Well, there is one last possible point of ambiguity there.
E.g. in order to get the desired result, by "delete the userid"
you would have to mean: press CursorDown to see the list
of possible userids to be used in that form's field,
then CursorDown to select the one you want to delete,
then press Delete, (that's when you should have seen the prompt),
then repeat the first two steps just to confirm that the userid has
been deleted from that field's list. Then when you attempt
to reuse it (and sign on again) you would get another opportunity
to save the password or not (assuming AutoComplete for Passwords
is enabled.)
And the entry was still in PSPV. That being the case it
means this whole discussion is moot, if I understood you.
Is there anything else you use that password for?
Perhaps it is being preserved for another form?
If so, try deleting or changing the password on it
and then see if PSPV notices the change.
BTW there are quite a few cases in which IE commits registry
updates only when it is closed. I doubt if this is one of them
but it wouldn't hurt to close all IE windows (and wait for iexplore.exe
to be removed as an active process in Task Manager) in order
to doublecheck for such final changes. In relation to this notice that
you will have to Refresh (F5) PSPV after any updates need
to be checked.
Did you get yourself a copy of RegMon (from SysInternals)?
If the field is AutoComplete RegMon would show you the data
being picked out of a Protected Storage System Provider subkey
(one which you otherwise will be unable to detect.) I think it may
even show you the field name that it is associated with.
(If you know the field names I think you can make another page
which uses the same names and then modify them. I don't know
how the two field names become linked as a userid/password
pair however. I suspect that that would have to be a third value
being saved in there somehow, possibly only stored when the
form is used to submit logon info with.)
Hmm... I just had another look at PSPV's functionality.
Apparently, you can use it to delete or change saved
values. If so, you wouldn't have to bother with any of this
blackbox stuff that I have been referring to. In fact, I guess
it wouldn't matter then even if the password is truly
an AutoComplete item. (I don't know and all my previous
comments were based on empirical knowledge gained
from blackbox testing the AutoComplete UI with respect
to password use.)
PSPV shows the "resource name" with each entry.
Is that the URL of the problem page?
If so, and if the method of deleting the userid/password
pair via the form isn't available to you I suppose that
I would try using PSPV's Delete or Export/Import
instead.
BTW I just tried using RegMon filtering on
Protected Storage System Provider
to trace what PSPV does when I press F5.
Unfortuntately it doesn't show enough of the binary string
Data fields to be able to see what is really being saved
but it may give some insight into what the PSPV's Raw Data
option is showing you. Note that if you want to try to find
your password in there you may have to look only for pieces
of it and separate the characters by a space since the tool
is dumping Unicode in hex with only 16 bytes per line left
for interpreting the hex values (which means essentially
you could search for a *maximum* of 8 data characters
at a time.) In any case, it appears that you might get
some clues about the field names the page(s) use
for presenting the userid and password from that
"Raw Data" report. If you have access to the page's
HTML source you could then match up field names
to get a better idea of whether that data came from
that page. Etc.
HTH
Robert
---
