At 13:44 18/12/2000 -0500, Stuart Ballard wrote:
>"Simon P. Lucy" wrote:
> >
> > >It is an optimal solution if you define optimal to be the best 
> possible cost
> > >versus benefit. Most users use win9x which has virtually NO "Permission
> > >management". Anyhow, the password would be far from not doing 
> "anything". 99%
> > >of unintentional or novice snooping is highly significant.
> >
> > Hmm.  Its not best possible cost because it fixes the wrong
> > problem.  Providing a non-functional passwording system on a more secure
> > operating system would simply irritate the users of those systems.
>
>Hmm. I do see your point, but on the other hand, we have *already*
>irritated such people more than enough by providing the non-functional
>"profile" system in the first place on systems (*nix and to a lesser
>extent Win2k) that already have much more sophisticated ways to deal
>with multiple users. In that situation, support for multiple mail
>accounts removed the only possible reason anyone might have wanted
>profiles on *nix... we have them anyway. And yes, as a user of such a
>system, I *do* find it irritating (although, I have to admit, Moz does a
>good job of making the unnecessary profiles functionality invisible and
>unobtrusive). Clearly, not irritating users of "real" operating systems
>wasn't a high design priority :)
>
>This feature can be implemented with a *reduction* in irritation to
>everyone, by turning profiles off altogether for sufficiently advanced
>OSs.

Agreed that there is a lot of grief associated with profiles and perhaps 
they are better off not existing at the moment.  However, some mechanism of 
differentiating one mode of use or the defaults for a particular user is 
still going to be needed, let alone persistence attributes.  So, you might 
have a slimmed down 'profile' but you'll still need the same information.


> > There are all sorts of mechanisms that allow that on both secure and non
> > secure operating systems.  A screen saver with a password is only
> > one.  Leaving a machine on without some kind of control would just avoid
> > any security anyway.  It would take a lot longer to open a browser and
> > enter a password for the profile than it would to enter a password on a
> > screen saver or keyboard lock.
>
>Up until recently, I lived in a home with children and a single family
>computer. I also know several people who do so. In all these situations
>that I know of, I am the only person who would have the first clue where
>to look for profile data if I wanted to break this "security". The
>others range from "uh, what's a file?" to fully capable of figuring out
>and using most applications, and even doing simple HTML authoring.
>
>For the large proportion of households that don't contain an advanced
>computer user or script kiddie (I don't consider script kiddies advanced
>:) ) the mere existence of a password would be more than enough
>protection. We're talking about the "sister doesn't want annoying
>younger brother reading her email to her girlfriends about boys" kind of
>security. The sort of security provided by those journals that come with
>locks that I could pull apart with my bare hands if I really wanted to.
>The sort of security that is *all most home users really need*.
>
>Advanced users, of course, know that this security is inadequate for
>them. But advanced users also know how to get better security, so it
>doesn't *matter*.

All that would be fine if the password achieved anything outside of 
Mozilla, but it doesn't.  No one needs to know where the profile data is, 
it can be found accidentally or otherwise just by pressing F3 and 
indicating the entire machine to search.

There are then two alternatives, not worry about very insecure operating 
systems, or bring all of the data into the application domain.  No clear 
text files.  I don't have a particular problem with the latter until 
someone complains that they can't read their own data any more because of a 
bug.

You can, of course, apply PGPDisk so that it is encrypted outside of the 
application but I think that's a  solution too sophisticated for the people 
who need the protection.

Simon


Reply via email to