Re: Security capabilities (enablePrivilege, etc)

Sun, 12 Mar 2006 14:25:11 -0800 

Boris Zbarsky wrote:

JoeS wrote:
Unfortunately, "this does not work" equates to "this software is not capable" for most users. Let the user know when pref controlled capabilities are violated at least. 

Feel free to suggest UI for this.  I don't see a good option yet.

http://piro.sakura.ne.jp/xul/_policymanager.html.en#what
is one answer, I don't use that extension, so can't say how usable it is.


How far do you have to dig to find that capabilities can be managed.



No digging at all.  Basically, access to any property of any object can 
be individually disabled on a per-site basis.


Yes, but only if you know that default policies have been violated.
I think at least an alert should be done here, to let the user know.

Something like " **Danger Wil Robinson Danger**..(lost in space) This 
webpage/mail/newsgroup has violated the following default security 
policy" And maybe a choice to ignore the policy for this instance only, 
or permanently for this site only.(maybe that would be to tempting) 
Additionally for those that don't know what to do, "don't show this 
dialog again"



Unless what you mean is digging to find out what expanded privileges are 
needed to perform a given operation.  That _is_ something we should be 
documenting, if only so we can check that we're implementing it right.

Don't know a lot of folks who check the javascript console regularly, 
and certainly not the average user. The description there does not 
always lead one to the proper violation. In my experience, I had to 
guess a lot on what policy was being violated.



Don't make a secret of what the product is capable of, for the sake of 
security, and let the user decide.

It took me almost 3 years to find out about the CAPS policies in 
Mail/News and what they could do. Most users looking for more capability 
would not stick around that long. Certainly OE users.



Decide what?

If the user wants to give up security for the sake of functionality.
OE shows an alert "do you want to continue running scripts on this page"

But doesn't offer a temporary bypass, or tell you how to adjust the 
defaults.



-Boris



Just as an aside, I think mail and news should not be lumped together as 
it is by default. They should be a distinctly separate set of prefs.


Joe
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security






















					Reply via email to