"User Profiles should be able to be protected with passwords."
If you agree with the above statement, please vote for this BUG to be
fixed here:
http://bugzilla.mozilla.org/show_bug.cgi?id=16489
The person managing this bug (Conrad) has been blocking efforts to
implement this feature. Only if enough people show interest in this
feature and VOTE for it to be fixed, do we have ANY hope of it being
implemented. Please help.
Here are my arguments for this important feature:
===============================
... there is no absolute need to encrypt the actual files in the
profile's directory.
That would be overkill. All we need is to be able to deter someone from
accidentally entering our profile by hitting ENTER in the profile
manager. It
will also deter 99% of people who want to take a "peek" at our mail and
bookmarks. It would be the same feature as in NC 4.5 - a simple password
that
permits entry into ones profile.
Those who are willing to read through hundreds of pages of difficult to
read
text files to read our mail will likely not be able to be deterred by
encryption
either. Please create a simple password protection for profiles for the
99% of
us "casual" users.
This should be simple enough to implement in a near nightly build ;-)
===============================
... I know it would be "insecure" but it would still deter 99% of casual
users who don't even know where the mail files are located. It would
also
prevent people from accidentally hitting return in the profile manager
and
entering someone elses profile. MOST users would benefit from this. You
could
even pop-up a warning message infoming the masses that this protection
is not completely
secure. If mozilla is to retake the mainstream crown, it must also
satisfy the
majorities' wishes (even if not 100% "secure"). Encryption can always be
added
later without redoing the code for this request.
===============================
A warning dialogue could appear when selecting to password protect a
profile
(it is taken DIRECTLY from the NC4.x webpage!!!):
"Specifying a password for your local user profile does not encrypt
profile data
in any way, nor does it prevent others from renaming or deleting
profiles, but
it can prevent users from inadvertently accessing profile data without
first
entering a password.
This mechanism may therefore be appropriate in a home environment, where
members
of a family may want to keep their information separate, or for
developers who
may want to keep their working profile separate from profiles used for
testing
purposes.
It is not appropriate as a replacement for OS-level security, nor should
it be
used as the only means of protection within a lab or kiosk environment
where
users have an expectation of privacy. For these environments,
administrators
may wish to consider Communicator 4.5's Network Install or Roaming
Access
features, which retrieve profile information from centralized servers."
The full text is at:
http://home.netscape.com/communicator/v4.5/passwords/index.html
===============================
Even if you don't feel as strongly about this as I do, but think it
would be a good feature to have, PLEASE vote for it by clicking the link
above.
--
Regards,
Peter Lairo
