| |||||||||||||
|
| |||||||||||||
Killing web browsers - part IIKilling web browsers - part IIPosted Oct 29, 2004 14:41 UTC (Fri) by RobSeace (subscriber, #4435)In reply to: Killing web browsers - part II by kleptog Parent article: Killing web browsers - part II
All you really need to do to accomplish this form of "privilege separation"
(Log in to post comments)
Killing web browsers - part II Posted Oct 29, 2004 18:14 UTC (Fri) by NAR (subscriber, #1313) [Link] There, now your browser can only access stuff as this other user; and, presumably, you'd have pretty much NOTHING lying around which that user would have access to modify/delete...The problem is that the data the browser needs to read/write can be still sensitive - think about passwords stored by Opera's Wand function (and I think Mozilla has something similar)...
Killing web browsers - part II Posted Oct 29, 2004 19:36 UTC (Fri) by RobSeace (subscriber, #4435) [Link] Well, I've always thought those silly "remember all passwords I type"functions were completely stupid, anyway... I never use them... Yes, Moz does have such a thing, but I certainly don't use it, and I wouldn't recommend anyone use it... BUT, I thought it at least encrypted the saved passwords, and required some master password to unlock them? Maybe not... Like I say, I don't use it... If they just leave it lying around in plain-text, then it's a very broken design, in the first place, I'd say... You can't really help people if they TRY to shoot themselves in the foot by using broken-by-design security-compromising features, just to save themselves a little typing every now and then... Such people probably would never even bother going through the trouble of setting up such a separate user system for added security in the first place, since they're obviously not too concerned with security, it seems... But, I'd think there really SHOULDN'T be any need for a web browser to ever access any sensitive info on your hard drive...
|
|
||||||||||||