Solve all your problems. Learn to write your own browser.
Printable View
Solve all your problems. Learn to write your own browser.
Well for us unfortunate noobs that isnt the easiest way to get a working browser. :)Quote:
Solve all your problems. Learn to write your own browser.
That's probobly why this dissussion was opened. If you have the knowledge to write your own browser, you probly wouldn't bother posting in such a thread. :)
With firefox you can set a master password that will be used to encrypt all the other passwords, so it's SOMEWHAT more secure, but I still wouldn't trust it.Quote:
Originally posted here by MsMittens
Isn't the signons.txt the wallet password storer? That is, you have the browser remember your logins? Isn't that whole process insecure to begin with? I never used it with IE, why would I use it with Firefox in the first place (I use mozilla but same diff in some regards)?
I know I have at least two stored for news sites, but for everything else I just log in. It could also be an OS thing, I'm on linux.Quote:
chsh, you're probably like me and don't use it, hence why you can't find it. The process of storing user name, password and other info locally has always been an insecurity and one thing that many (if not all) browser manufacturers enable. That and HTML emails are evil things that software manufacturers developed for the "ease of users" (i.e., lazy users).
Um, you just said yourself firefox PR1.0 fixes the clear thing, so really, what's the problem here? You were using an old browser that had a bug in it (it is beta, ya know), and it's since been fixed. In the future, why not simultaneously file a bug report when you find stuff? If the dev. team doesn't know about it, how are they going to fix it?Quote:
Originally posted here by lepricaun
normally i NEVER used stored passwords, but i know of many people who do, so it IS a security issue, and when you can't erase it (although your under the impression that you did), makes it a even bigger security issue.
i did report it, but like you said, it's an old version. but the clear thingy isn't the thing i'm worried about, it's the way the passwords are stored. even IE stores them more safely.Quote:
Um, you just said yourself firefox PR1.0 fixes the clear thing, so really, what's the problem here? You were using an old browser that had a bug in it (it is beta, ya know), and it's since been fixed. In the future, why not simultaneously file a bug report when you find stuff? If the dev. team doesn't know about it, how are they going to fix it?
and that still is the same in the latest release... and although i haven't been able to get the strings decrypted doesn't say it is secure. anyone with local (or remote) access to your computer could retrieve that file and decrypt it at his own computer in a flash.
Hehe, good thing for me I have all outside access blocked. As for anyone having "local" access, if I ever saw someone at my PC that wasn't my gf or someone else explicitly trusted, then they'd have a much greater issue than me losing my password.Quote:
anyone with local (or remote) access to your computer could retrieve that file and decrypt it at his own computer in a flash.
As stated previously, security is 1 divided by convenience. Online protection is sketchy at best, since every method can be circumvented through one method or another as well as enough time given...
Firefox 1.0PR is a lot better in a lot of areas and also needs a lot of improvement. It's not going to stop me from using it though. A few well-used techniques guarding privacy (aka, no passwords being stored) will hamper subversion...
Well, I do store some passwords in Firefox. I really don't know why any one would want them though. Seems like a lot of trouble to go through to just get my 'Washington Post', 'AO', and 'gmail' passwords...........that certainly are not valuable.
Any potentially valuable password will not ever be stored in a web browser. I use 'PassWord Safe' to store most all of my passwords, except my online banking password. That is stored only in my head, and in a sealed envelope in my safe. (note I do have online banking cababilities, but have never used it.)
Password managments was redone in PR1.0:
From release notes:
Quote:
# Strong Encryption For Passwords Available
Passwords saved with the Password Manager can now be more easily encrypted with strong encryption by creating a "Master Password". If you create a Master Password, you are prompted once per session to enter the Master Password so that Password Manager can automatically fill in site logins. A useful feature for people who share computers with others and want improved security.
Care to elaborate? I'm interested in the differences between the two browsers' approach to this feature.Quote:
Originally posted here by lepricaun
i did report it, but like you said, it's an old version. but the clear thingy isn't the thing i'm worried about, it's the way the passwords are stored. even IE stores them more safely.
I find that hard to believe since you yourself are having trouble decrypting it. It's not "in a flash". Instead of wildly guessing at what goes on during the encryption/decryption sequence, why not just go get the source?Quote:
and that still is the same in the latest release... and although i haven't been able to get the strings decrypted doesn't say it is secure. anyone with local (or remote) access to your computer could retrieve that file and decrypt it at his own computer in a flash.
All that aside however, I still don't get what the issue is. These sorts of features are in and of themselves a tradeoff in security -- regardless of which way you look at it. By telling it to remember your password you are no longer required to gain access to a particular site, only your browser is. I see that as a much larger breach in security than an encrypted file on a drive.
One other thing I'd like to mention in comparison to IE's method of safety versus Firefox. How long has IE been out? It wasn't even MS' product and it hasn't changed in over two years. FF has them definitely beat on updates, extensions, themes, and various other areas and I'd put my faith (and have) into a browers that's being updated regularly, has a Security Bounty Program for reporting bugs and exploits, AND allows me to customize it fully...
Password management and storing passwords in a computer can't ever be safe since all of these methods are based on code written by humans. It is a part of human nature to fail. And sadly we always fail when it comes to important things. And this I would call a fact.