NoOp wrote:
On 04/01/2012 10:00 PM, Bill Davidsen wrote:
I am doing some work for an agency which has a requirement that they will have a
recent copy of all passwords stored on any computer accessing their site.
Previously I was able to use an HTML file which did the job, it doesn't work
with recent SM versions.
Easy. If you wish to copy the SeaMonkey PW's have a look at:
<https://bugzilla.mozilla.org/show_bug.cgi?id=571997#c23>
Otherwise review the thread regarding this issue from just a few days
ago (Subject: my bad, my bad)
This isn't a discussion of whether that's a good idea, it's a policy
requirement, and not worth quitting over, since I got a letter from the legal
department saying I had told them it was a bad idea, and I'm not on the hook if
there's a compromise.
That's the scariest "policy" that I've ever heard. Don't know what the
"agency" is (a phishing agency? - certainly can't be a government
"agency"), but I'd strongly suggest hiring a lawyer yourself&
contesting the issue. If you have a Facebook account, an ISP account
(you are Verizon), etc., you are most likely in violation of their TOS
by releasing your passwords to a third party, and may be dropped
completely[1].
If you actually plan to give these people *all* of your passwords, then
I hope you are prepared to turn over up your /etc/passwd, /etc/shadow,
all ssh keys, pam keys, vnc password, root password, secure logs (and of
course the system passwords so they can access those as well, TrueCrypt
passwords, ecryptfs passwords, etc., etc. You might just as well drop
your drawers and let them have at it.
Were I you, I'd ask them to provide me with a machine that will be used
*solely* for accessing their site/data/whatever& tell them to either
take a flying leap regarding the other, or face a lawsuit. I'm pretty
sure that the EFF might be interested in your 'situation'.
It will be done, the question is if there is a way to do it easily and get it on
dead trees.
Oh, and a way to conveniently move a limited number from one machine to another
would be a time saver, as well. If there is such a thing.
So you'll be giving them the passwords on the other machine as well?
Either way... good luck.
[1] Simple example for you:
http://www.verizon.net/policies/vzcom/tos_popup.asp
[MANAGEMENT OF YOUR DATA AND COMPUTER. - Your Responsibilities Regarding
Security.]
THe OP has offered a clarification that the passwords
are for access TO (and from)the website in question.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
