The password manager extension for Midori is based on formhistory.c and on my
userscript for password management (http://userscripts.org/scripts/show/62098).
It works by reading the network passwords with domain "midori" from the login
keyring and storing them in a GHashTable. Whenever your browser loads a page
with a corresponding address in the GHashTable, a script that inserts user
and password is built and executed on that page. Whenever you submit a login
form, a similar script is built and executed, and returns the new data, which
is stored in the GHashTable and in the login keyring.
When you choose to never store a password for a site, the extension will store
a user/password pair equal to __never_store_here__/whatever. The user part of
the pair (i.e. __never_store_here__) is used to remember that passwords must
not be stored.
Sometimes the extension fails to detect that a form has been submitted, so it
won't store your user/password pair. In such cases use the lpins utility to
manually insert the pair into the login keyring, like this
$ lpins http://www.averystrangelogin.com user password
Note that the pair is inserted in the login keyring, not in the GHashTable, so
you need to deactivate/reactivate the extension so it'll read the new pair.
* I don't know how to check when the login is successful, so wrong user-
password pairs will be stored.
* There isn't a utility for listing/deleting/modifying passwords, use seahorse
for these tasks (Midori passwords have domain "midori").
* I don't know how to deal with password forms that uses md5hash for basic
protection (like ubuntu forums), so the extension won't work for these sites.
Please note that I'm not an expert in internet security, crypting algorithms,