Re: Password Protected Profiles - VOTE HERE !!! You know you want this feature!
All the messages in this thread make one thing clear: (1) the programmers are mostly against it. (2) The user are mostly for it. 1) is because when it becomes apparent that it's a terribly-insecure hacky feature, it's the programmers who take the flak. You can't conclude 2), because users who think it's a silly idea won't bother saying so as they can see it's never going to happen :-) It is therefore very clear that the programmers NEED client (users) oriented project managers that will TELL them what to program. Are you volunteering to tell us all what to do? :-) Unfortunately, this discussion has made it very clear that programmers are unable to see the bigger picture. Or how else can one explain why there is a PSM password at all (if the holy OS is to deal with security issues)? There is a difference between the sort of security which keeps users from snooping on one anothers' files (which has to be implemented at OS level, or it won't work) and internal application security. Why should anyone with access to my running PC (e.g. at work) be able to read my local folders mails? They shouldn't. So, we should introduce some proper crypto, not this pathetic simple password stuff which can be got around by anyone with a text editor. Gerv
Re: Password Protected Profiles - VOTE HERE !!! You know you want this feature!
Gervase Markham wrote: All the messages in this thread make one thing clear: (1) the programmers are mostly against it. (2) The user are mostly for it. 1) is because when it becomes apparent that it's a terribly-insecure hacky feature, it's the programmers who take the flak. see my explanation on why you (2) argument is faulty below. You can't conclude 2), because users who think it's a silly idea won't bother saying so as they can see it's never going to happen :-) you can't not conclude it either. Of those who did respond, the tendency I pointed out is quite clear. It is therefore very clear that the programmers NEED client (users) oriented project managers that will TELL them what to program. Are you volunteering to tell us all what to do? :-) If you'l listen ;) Unfortunately, this discussion has made it very clear that programmers are unable to see the bigger picture. Or how else can one explain why there is a PSM password at all (if the holy OS is to deal with security issues)? There is a difference between the sort of security which keeps users from snooping on one anothers' files (which has to be implemented at OS level, or it won't work) and internal application security. So why does the PSM prevent others from reading my NEW mail, but they can still read my local folder's mail? It's inconsistent and to not provide profile PW is hypocrytical. Why should anyone with access to my running PC (e.g. at work) be able to read my local folders mails? They shouldn't. So, we should introduce some proper crypto, not this pathetic simple password stuff which can be got around by anyone with a text editor. The crypto is not needed. All your peers are computer savy. I suspect you don't even realize that 90% of users don't have a clue or interest in searching text files. As with any project or life situation, there needs to be a levelheaded cost-benefit analysis. And in this case, the benefit (impede 90% of users) FAR outweighs the cost (not 100% secure). I know it hurts to do something that is not technically perfect, but you must overcome the pain and see the light of reality ;) Gerv -- Regards, Peter Lairo
Re: Password Protected Profiles - VOTE HERE !!! You know you want this feature!
Martijn Kluijtmans wrote: I just vote for it. Think of the following situation: In a family, every member wants to use Mozilla's, mail facilities - Father gets confidential information from clients - Daughter gets love letters by her friend - Mother enz. Yes, we had this discussion already on .security a few months ago. And of course they don't want anybody to read their e-mail, so if it's not too much too implement, although maybe it's just for Windows, please add this funcionality. I don't expect 100% hack proof, but for normal use, a password would be enough. Unix and WinNT give stronger protection already. Windows 95 and higher has a buit-in password protection (but not more - no dis access protection), and I think we honor that. IIRC, if you activate it somewhere in networking, you can make Windows come up with a login during startup. The Windows preferences will be stored for each user separately, as will the Documents folder, where we will then store Mozilla's profiles, I think. I.e. if you have 2 Windows users, one would not even see the Mozilla profiles (in the Profile Selecltor/Manager) of the other user. Of course, you can still access the Mozilla files on disk, but that's not much different from Word files. Please move the discussion to .security only. (Personally, I think .prefs is the right group, but it's too late.)
Re: Password Protected Profiles - VOTE HERE !!! You know you want this feature!
Martijn Kluijtmans wrote: And of course they don't want anybody to read their e-mail Seems to me that when encryption is turned on in password prefs, a password is required before you can access mail. Or doesn't it work like this any more?
Re: Password Protected Profiles - VOTE HERE !!! You know you want this feature!
Peter Lairo wrote: User Profiles should be able to be protected with passwords. If you agree with the above statement, please vote for this BUG to be fixed here: http://bugzilla.mozilla.org/show_bug.cgi?id=16489 Where do I vote for this bug getting WONTFIX? :-)
Re: Password Protected Profiles - VOTE HERE !!! You know you want this feature!
Ben Bucksch wrote: Peter Lairo wrote: User Profiles should be able to be protected with passwords. If you agree with the above statement, please vote for this BUG to be fixed here: http://bugzilla.mozilla.org/show_bug.cgi?id=16489 Where do I vote for this bug getting WONTFIX? :-) I do agree with the arguments. I really think this would be spending time for a feature that would only exists on some platforms. If you install Moz on a Unix box or NT, only you can access your profile. (As long as you need to make an install per user) The alternative (on Win98 like systems) would be to allow specifying profile's storage directory which could be set to a Cyphered file system like PGPdrive. Francois email: fcartegnie (at) nordnet.fr
Re: Password Protected Profiles - VOTE HERE !!! You know you want this feature!
I just vote for it. Think of the following situation: In a family, every member wants to use Mozilla's, mail facilities - Father gets confidential information from clients - Daughter gets love letters by her friend - Mother enz. And of course they don't want anybody to read their e-mail, so if it's not too much too implement, although maybe it's just for Windows, please add this funcionality. I don't expect 100% hack proof, but for normal use, a password would be enough. Martijn Peter Lairo wrote: User Profiles should be able to be protected with passwords. If you agree with the above statement, please vote for this BUG to be fixed here: http://bugzilla.mozilla.org/show_bug.cgi?id=16489 Even better, if you have the knowledge (unfortunately, I can't program) and interest, maybe you could implement this feature.
Re: Password Protected Profiles - VOTE HERE !!! You know you want this feature!
Peter Lairo wrote: Ben Bucksch wrote: I think, many of those "brothers" are able to get beyond such a simple "security" protection. You're wrong. You obviously have little contact with "regular" people. Got me. I was born that smart, so I never went to school. win2k is too expensive for such a minor issue that can easily be implemented by mozilla If it's so easy to implement, do it.