Re: Password Protected Profiles - VOTE HERE !!! You knowyouwant this feature!
At 18:47 18/12/2000 +0100, Peter Lairo wrote: you guys just don't get it. Nobody is asking for some all inclusive security system. What is merely requested is a simple and convenient way to "hinder" casual, I don't think anyone is under the misapprehension that you're suggesting all inclusive security. I think that it is the illusion of security that is the problem. accidental peeping into ones e-mail. This is similar to password protecting an excel file or wordperfect document. Simple. And non-effective. If you use a password to gain access to your email using Mozilla how does this stop searches for text in all files by anyone? It is entirely non-functional except when running Mozilla. Now you can say, 'Oh but that's good enough' and it may well be for you. But for the currently 2 million other users, rising to a billion, will it be? Or will the extremely public knowledge of 'Oh you can password protect things in Mozilla, but you can just read the files normally anyway. Hey if you want to search all the email on your machine just hit F3.', damage the reputation of the product as a whole and call into question the integrity in other areas? It is this latter view that concerns people. The utility of protecting files from different users isn't doubted, this just isn't the way to do it. Simon
Re: Password Protected Profiles - VOTE HERE !!! You knowyouwant this feature!
At 13:44 18/12/2000 -0500, Stuart Ballard wrote: "Simon P. Lucy" wrote: It is an optimal solution if you define optimal to be the best possible cost versus benefit. Most users use win9x which has virtually NO "Permission management". Anyhow, the password would be far from not doing "anything". 99% of unintentional or novice snooping is highly significant. Hmm. Its not best possible cost because it fixes the wrong problem. Providing a non-functional passwording system on a more secure operating system would simply irritate the users of those systems. Hmm. I do see your point, but on the other hand, we have *already* irritated such people more than enough by providing the non-functional "profile" system in the first place on systems (*nix and to a lesser extent Win2k) that already have much more sophisticated ways to deal with multiple users. In that situation, support for multiple mail accounts removed the only possible reason anyone might have wanted profiles on *nix... we have them anyway. And yes, as a user of such a system, I *do* find it irritating (although, I have to admit, Moz does a good job of making the unnecessary profiles functionality invisible and unobtrusive). Clearly, not irritating users of "real" operating systems wasn't a high design priority :) This feature can be implemented with a *reduction* in irritation to everyone, by turning profiles off altogether for sufficiently advanced OSs. Agreed that there is a lot of grief associated with profiles and perhaps they are better off not existing at the moment. However, some mechanism of differentiating one mode of use or the defaults for a particular user is still going to be needed, let alone persistence attributes. So, you might have a slimmed down 'profile' but you'll still need the same information. There are all sorts of mechanisms that allow that on both secure and non secure operating systems. A screen saver with a password is only one. Leaving a machine on without some kind of control would just avoid any security anyway. It would take a lot longer to open a browser and enter a password for the profile than it would to enter a password on a screen saver or keyboard lock. Up until recently, I lived in a home with children and a single family computer. I also know several people who do so. In all these situations that I know of, I am the only person who would have the first clue where to look for profile data if I wanted to break this "security". The others range from "uh, what's a file?" to fully capable of figuring out and using most applications, and even doing simple HTML authoring. For the large proportion of households that don't contain an advanced computer user or script kiddie (I don't consider script kiddies advanced :) ) the mere existence of a password would be more than enough protection. We're talking about the "sister doesn't want annoying younger brother reading her email to her girlfriends about boys" kind of security. The sort of security provided by those journals that come with locks that I could pull apart with my bare hands if I really wanted to. The sort of security that is *all most home users really need*. Advanced users, of course, know that this security is inadequate for them. But advanced users also know how to get better security, so it doesn't *matter*. All that would be fine if the password achieved anything outside of Mozilla, but it doesn't. No one needs to know where the profile data is, it can be found accidentally or otherwise just by pressing F3 and indicating the entire machine to search. There are then two alternatives, not worry about very insecure operating systems, or bring all of the data into the application domain. No clear text files. I don't have a particular problem with the latter until someone complains that they can't read their own data any more because of a bug. You can, of course, apply PGPDisk so that it is encrypted outside of the application but I think that's a solution too sophisticated for the people who need the protection. Simon
Re: Password Protected Profiles - VOTE HERE !!! You knowyouwant this feature!
you guys just don't get it. Nobody is asking for some all inclusive security system. What is merely requested is a simple and convenient way to "hinder" casual, accidental peeping into ones e-mail. This is similar to password protecting an excel file or wordperfect document. Simple. "Simon P. Lucy" wrote: At 18:12 18/12/2000 +0100, Peter Lairo wrote: Braden McDaniel wrote: In article [EMAIL PROTECTED], "Peter Lairo" [EMAIL PROTECTED] wrote: It is an optimal solution if you define optimal to be the best possible cost versus benefit. Most users use win9x which has virtually NO "Permission management". But I'm fairly certain you can get utilities that are designed to alleviate that shortcoming. Mozilla, though, is designed to be an Internet application suite. Let's put it this way, outlook has password protected profiles and is the most widely used mail prog. People seem to be happy with this solution and don't seem to mind the "imperfect" protection!!! Other people's bad decisions are rarely grounds for repeating the same mistake. Since most office computers are ON all day, it would be nice to at least have the OPTION to "manage" my risk. It is not the mission of Mozilla to give you *all* of the available options of things you can do with a computer. The option you want is something that I think falls outside its domain, and that I seriously doubt it could do well. I capped OPTION, because someone was objecting to being FORCED to use an "imperfect" protection!!! I think the main objection is that it is an option that Mozilla isn't going to support, because at base its a broken option. The assumption is that the application should provide file permissions when the underlying operating system doesn't. That is outside Mozilla's domain. Also, at home, I don't want to necessarly protect my entire PC (i usually turn it on and walk away and do other things; when i return, I want it to be booted COMPLETELY - and not have to enter a password and wait AGAIN until the login finishes). I see. You want Mozilla to have a login screen because your computer/OS login is too slow. NO, i capped "AGAIN", not "wait"!!! How does a keyboard lock or screen saver not do that? If you walk away from a machine which is running and logged in without any protection, regardless of the circumstances of the environment, if anyone happens to see information that you don't want them to that's really your problem not the application's, or even the operating system, unless and until you install retinal verification. Simon Braden Please make at least an effort to read a post before regergitating your preconceived opinons. -- Regards, Peter Lairo -- Regards, Peter Lairo
Re: Password Protected Profiles - VOTE HERE !!! You knowyouwant this feature!
"Simon P. Lucy" wrote: It is an optimal solution if you define optimal to be the best possible cost versus benefit. Most users use win9x which has virtually NO "Permission management". Anyhow, the password would be far from not doing "anything". 99% of unintentional or novice snooping is highly significant. Hmm. Its not best possible cost because it fixes the wrong problem. Providing a non-functional passwording system on a more secure operating system would simply irritate the users of those systems. Hmm. I do see your point, but on the other hand, we have *already* irritated such people more than enough by providing the non-functional "profile" system in the first place on systems (*nix and to a lesser extent Win2k) that already have much more sophisticated ways to deal with multiple users. In that situation, support for multiple mail accounts removed the only possible reason anyone might have wanted profiles on *nix... we have them anyway. And yes, as a user of such a system, I *do* find it irritating (although, I have to admit, Moz does a good job of making the unnecessary profiles functionality invisible and unobtrusive). Clearly, not irritating users of "real" operating systems wasn't a high design priority :) This feature can be implemented with a *reduction* in irritation to everyone, by turning profiles off altogether for sufficiently advanced OSs. There are all sorts of mechanisms that allow that on both secure and non secure operating systems. A screen saver with a password is only one. Leaving a machine on without some kind of control would just avoid any security anyway. It would take a lot longer to open a browser and enter a password for the profile than it would to enter a password on a screen saver or keyboard lock. Up until recently, I lived in a home with children and a single family computer. I also know several people who do so. In all these situations that I know of, I am the only person who would have the first clue where to look for profile data if I wanted to break this "security". The others range from "uh, what's a file?" to fully capable of figuring out and using most applications, and even doing simple HTML authoring. For the large proportion of households that don't contain an advanced computer user or script kiddie (I don't consider script kiddies advanced :) ) the mere existence of a password would be more than enough protection. We're talking about the "sister doesn't want annoying younger brother reading her email to her girlfriends about boys" kind of security. The sort of security provided by those journals that come with locks that I could pull apart with my bare hands if I really wanted to. The sort of security that is *all most home users really need*. Advanced users, of course, know that this security is inadequate for them. But advanced users also know how to get better security, so it doesn't *matter*. Stuart.
