In <news:[email protected]>,
Rufus <[email protected]> wrote:

> David E. Ross wrote:
> > On 4/25/10 4:08 PM, Rufus wrote:
> >> »Q« wrote:
> >>> In <news:[email protected]>,
> >>> Rufus <[email protected]> wrote:
> >>>
> >>>> Once a hacker has your bookmarks file and the file containing
> >>>> your passwords, you're open to any sort of ID theft permissible
> >>>> by that combination.  Your browser information is one of the
> >>>> best targets for a hacker to exploit...so being able to just
> >>>> wipe the Master encryption key and be able to still access that
> >>>> information is about the next best thing to no protection at
> >>>> all...
> >>>>
> >>>> I certainly hope that isn't the case, and is why SM wipes all
> >>>> passwords out on a Master reset.
> >>> It *is* the case, which is the point.  Users have the option of
> >>> using no master password protection at all, anyway.
> >>>
> >>> Setting the master password to the empty string is a workaround
> >>> for a specific problem the OP has.  The OP doesn't want to use a
> >>> master password in the first place, so using the empty string as
> >>> the password won't decrease the OP's security.
> >>>
> >> Maybe, but I'm very surprised a user would be able to do that without
> >> still wiping out his password list - simply changing the Master to
> >> a null string once it has been set is still a change; I question
> >> if that will actually work...and quite hope it doesn't work,
> >> really...for all of the reasons above.
> > 
> > Another example of trying to over-protect experienced users.
> 
> Actually, I'd think there would have to be an extra branch in the
> code to be able to do this...which would be an implementation to
> blatantly NOT protect users - experienced or otherwise.

Erasing all the users' passwords when they want to stop using a master
password wouldn't protect them from anything in any way -- it would
just force them to re-type all their passwords into SeaMonkey again.

-- 
»Q«                                                              /"\
                                    ASCII Ribbon Campaign        \ /
                                     against html e-mail          X
                                 <http://www.asciiribbon.org/>   / \
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
