Sam Steingold wrote:
>>* In message <[EMAIL PROTECTED]>
>>* On the subject of "Re: Profile directory and "salting"."
>>* Sent on Sat, 05 May 2001 16:19:55 +0100
>>* Honorable Gervase Markham <[EMAIL PROTECTED]> writes:
>>
>>Past experience shows that a great deal of nasty web-related browser
>>exploits and so on rely on the attacker knowing the profile directory
>>on the local system of the user (as many users do not change from the
>>defaults.) This is merely a contained and sensible response to
>>severely limit that threat.
>>
>
> "security by obscurity"?
> is this the _only_ way to fix this?!
>
> [I hate the salted profile directories too!]
>
>
I think the user should have a choice whether the "salting" is done or
not. A simple choice "for security create random profile folder" or
something like that would be nice. It could be defaulted to do the salting.
-- ------------------------------------------------------ --
Randy Slemko
[EMAIL PROTECTED]
