On 4/25/10 4:08 PM, Rufus wrote:
> »Q« wrote:
>> In <news:[email protected]>,
>> Rufus <[email protected]> wrote:
>>
>>> Once a hacker has your bookmarks file and the file containing your 
>>> passwords, you're open to any sort of ID theft permissible by that 
>>> combination.  Your browser information is one of the best targets for
>>> a hacker to exploit...so being able to just wipe the Master
>>> encryption key and be able to still access that information is about
>>> the next best thing to no protection at all...
>>>
>>> I certainly hope that isn't the case, and is why SM wipes all
>>> passwords out on a Master reset.
>>
>> It *is* the case, which is the point.  Users have the option of using
>> no master password protection at all, anyway.
>>
>> Setting the master password to the empty string is a workaround for a
>> specific problem the OP has.  The OP doesn't want to use a master
>> password in the first place, so using the empty string as the password
>> won't decrease the OP's security.
>>
> 
> Maybe, but I'm very surprised a user would be able to do that without still 
> wiping out his password list - simply changing the Master to a null 
> string once it has been set is still a change; I question if that will 
> actually work...and quite hope it doesn't work, really...for all of the 
> reasons above.
> 

Another example of trying to over-protect experienced users.

-- 
David E. Ross
<http://www.rossde.com/>

Go to Mozdev at <http://www.mozdev.org/> for quick access to
extensions for Firefox, Thunderbird, SeaMonkey, and other
Mozilla-related applications.  You can access Mozdev much
more quickly than you can Mozilla Add-Ons.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
