In article <[EMAIL PROTECTED]>, "Peter Lairo" <[EMAIL PROTECTED]>
wrote:
> Braden McDaniel wrote:
>
>> In article <[EMAIL PROTECTED]>, "Peter Lairo" <[EMAIL PROTECTED]>
>> wrote:
>>
>> > "User Profiles should be able to be protected with passwords."
>> >
>> > If you agree with the above statement, please vote for this BUG to be
>> > fixed here:
>> >
>> > http://bugzilla.mozilla.org/show_bug.cgi?id=16489
>> >
>> > The person managing this bug (Conrad) has been blocking efforts to
>> > implement this feature.
>>
>> I don't see any evidence of that. No patches are attached to the bug
>> report. *Who* is attempting to implement this?
>>
>> You want a placebo and Conrad thinks it's a bad idea. I agree with him.
>> If someone does create a patch that does as you describe, I hope
>> mozilla.org has the sense to reject it, regardless of how many naive
>> votes you manage to drum up.
>
> A placebo that prevents 99% of unintentional or novice snooping is not a
> placebo at all - it is a useful feature.
It is a placebo because it provides no real security since it is known to
have a substantial and obvious hole. I don't care what you stick in the
warning dialog, what you're proposing is something that masquerades as a
security layer. A security system that is known to fail in some cases
has what is called a "security hole". I object to adding deliberately-
holey security to Mozilla. I think users lose.
> I would like to know what benefit you have by obstructing this
> "optional" feature.
None. I'm trying to protect the general public from a Bad Idea.
It sounds like all you really want to accomplish is to make profile
selection more difficult in order to make it less likely that someone
will select the wrong profile. I'm sure there are ways to do that without
masquerading as a security layer. For instance, you could require that
users type out the profile name they want to select.
Braden
