Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension > Feature Requests / Enhancements
FR: New 'Default' and 'Advanced' Security Modes
tanstaafl:
--- Quote from: adamspiers on May 26, 2007, 09:03:20 PM ---Firstly, thanks for not giving up on the discussion yet ;) It's proving a very difficult topic to discuss in this communication medium, but I think we're gradually making progress...
--- End quote ---
No worries - and I actually prefer this medium, as it provides an easily reviewable record of these conversations - maybe not as effective as a face to face meeting, but better in the long run for everyone.
--- Quote ---it sounds like you're still suggesting taking a domain like 'yahoo.com', converting it into a regexp like 'https?://[^/]+\.yahoo\.com/.*', and then matching the URL of the current page against that regexp.
--- End quote ---
I had to step back a bit and re-read some of this stuff - my brain was starting to cramp... ;) - and you were right about my use of 'TLD' - so below I changed my reference to 'Calculated URL' for clarity.
Let me preface this message by saying that I agree with you in principle, and even mostly in methods, but I think I've come up with an even simpler solution... see if this makes sense...
Given:
1. The 'Calculated URL' is the string that PWM uses to match against when trying to match a 'current URL' to an account URL. This may be just the TLD (which is the current default), or, if the user adds more URL components to the calculated URL in the URL Components Tab, it could contain more (protocol, sub-domain, etc)...
2. The 'Pattern' list is what is *currently* matched against.
3. The 'Use the following URL...' field is what is used to calculate the password when an Account match is found.
4. Currently, the URL comparison is a 'contains' search - hence the need for regex/wildcard patterns. This was also the source of some of the confusion...
5. Your suggestions still include the use of wildcard operators, and thus, room for error and confusion (think 'Grandma')...
What I am proposing is very simple...
1. Create a new 'Default Security Mode', where search behavior for new Accounts is an *exact match* simple string comparison, based purely on the 'Calculated URL'
OPTIONAL: 2. Add an *optional* field for a 'path-string' (the search on the optional-path-string would still be a simple 'contains' search, and if it is empty, it is ignored).
OPTIONAL: 3. Provide the ability to add multiple 'Calculated URL/optional-path-string' pairs to a custom Account in this new 'Default Security Mode', just like you can currently add multiple wildcard/regex patterns.
4. Relabel the 'Use the following URL...' field to 'Use the following value/string...'
Implemented with version 1.7
5. Make the 'URL Components' a per Account Setting. New Accounts inherit the settings that are set in the Defaults, but maintain their values if the Defaults are changed - and can be changed after the account is created, if desired. This will be necessary, so that if someone decides to change the URL Components being used, it won't mess up passwords for existing accounts.
6. Make the current, highly customizable wildcard/regex pattern functionality an optional 'Advanced Security Mode', complete with warnings about how this should only be used if you know *exactly* what you are doing - and even then *be careful!*...
***** EDIT: added 10-25-07 *****
For clarification: numbers 1, 5 and 6 are the important parts of this Feature Request.
RESULT: When an Account is in 'Default' Security Mode, the 'Use the following text...' value IS IGNORED, and the 'Calculated URL' is what is used to calculate the password instead - this mimics the behavior - and provides the same security - as accounts that use the Defaults settings...
***** END EDIT *****
Now, lets use your microsoft.com and msn.com scenario as an example of how this would work...
Per above, when creating the initial account for microsoft.com, I just add 'microsoft.com' to the 'Calculated URLs' lists for this account (eventually this will be automatic when the account is first created).
Now, if I want to add MSN to the mix, all I add is 'msn.com' to the 'Calculated URLs' list (again, eventually, there will be an easy way to just 'Add Current URL' instead of manually typing it). Also, if I wanted the msn.com entry to match only when it was on a specific page, I could put 'login.htm' (or whatever text was needed to identify the proper page) as the 'optional-path-string' for that entry.
No wildcards, no nothing. Simple, clean, easy even for novices to understand.
The UI for entering these could even be made to check for syntax errors - and even validity (do a DNS lookup or something)...
So, what do you think?
[Edited on 6/9/09 for clarity - made some of these changes OPTIONAL]
Eric H. Jung:
Jesus, I'm supposed to read all this? :) I'll have to print it out and read it during my commute on the train Monday morning.
tanstaafl:
Heh - sorry, Eric...
Adam - never heard back from you - did my last make sense to you?
adamspiers:
--- Quote from: tanstaafl on June 02, 2007, 05:16:45 PM ---Heh - sorry, Eric...
Adam - never heard back from you - did my last make sense to you?
--- End quote ---
Sorry for the slow reply, been very busy. In short, YES! I think we are now very close to being 100% aligned. I still want to reply point by point in detail because IIRC there was still an outstanding detail or two, but I can't recall exactly what and don't have time to look at it again right now. Soon though!
Thanks again,
Adam
tanstaafl:
bump...
Just being the squeaky wheel - because I'd love to see this implemented!
:)
Navigation
[0] Message Index
[#] Next page
Go to full version