Imagine the following situation: You are the webmaster of a huge, worldwide company. You are running several intranets and extranetes inside you company. Most of them require javascript, a few require popups and a few other require preveliged XUL based on codebase principals. You need to configure about 300 Domains (30 applications x 10 countries) classified into the 4 groups/zones (javascript, popups, preveliged XUL and "internet zone").
Tell me why a website whitelist for each feature is better than creating 4 zones, granting them the needed rights and then bind the websites to the zones?
I think this comes down to the intended use case: Is our primary concern protecting the typical Firefox, etc., user, who's primarily concerned with surfing the public internet, or is our primary concern protecting intranet users and providing tools for intranet admins?
Arguably a typical Firefox user isn't concerned with what "zone" a site is in; instead they consider each site individually: First they go to Google, and then they go to eBay, and then they go to Citibank, and then they go to "Joe's Parrot Blog", and so on. They make security-relevant decisions for each site individually, and different users may make different decisions for each site: For example, one user may allow popups, etc., for Citibank (because they bank there) but not do so for Bank of America; another user may do the exact reverse.
Typical users (if they're anything like me) also make each "yes/no" decision separately as they encounter new sites; for example, IMO a typical user is not likely to sit down and say "let's create a 'financial services' zone and populate it with Citibank, Schwab, Fidelity, etc.", even if the user happens to be customers of all those companies.
Now, it's legitimate to argue that Firefox should provide better support for intranet use, with use cases like the one you suggest. However traditionally the Firefox developers have prioritized consumer Internet use over enterprise intranet use, and IMO were and are right to do so.
(As to why I believe this, that's a subject for another post.)
Or why i should harm an intranet website requiring javascript, because a security issue in the internet (zone) requires to disable javascript for a few days outside of the intranet (currently javascript is a global on/off)? Especially when i am not a single user but the administrator for 10.000 users running busines critical webbased applications.
Again, I'm not arguing against ignoring the needs of enterprise users, I'm just saying that they are not necessarily relevant to the needs of typical users. I think it's also the case that a lot of the complexity that you advocate doesn't need to be directly visible to users, whether on the internet or intranet. In theory there's no need for even intranet users to be exposed to an IE-style "security zones" model in terms of the standard preferences dialogs; instead that complexity could be pushed off to the tools used by admins to produce customized Firefox versions and configurations for distribution to intranet users.
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
