30
edits
Firefox:Safer Extension Installation: Difference between revisions
Firefox:Safer Extension Installation (view source)
Revision as of 03:37, 2 January 2005
, 2 January 2005Improved Security - install confirmation mechanism
No edit summary |
(Improved Security - install confirmation mechanism) |
||
| Line 29: | Line 29: | ||
- make user type "install" to install an extension? | - make user type "install" to install an extension? | ||
*How about using a 'password', gathered and stored similar to other passwords? It's left as an exercise for the reader to determine if autofill would be tolerable (someone will build an extension to do it, surely). | |||
*Here's my pitch: | |||
**The crowbar becomes the primary entry point for remote installs. | |||
**The crowbar integrates the password mechanism. The timer goes away. | |||
**For users who can change the whitelist, controls appear to allow doing so (directly) and also to allow one-time bypassing. (Can an admin pre-populate the whitelist and/or make it read-only?) | |||
**The former install dialog becomes both on-demand and purely informational (warning, domain name, software name, etc.). | |||
*If this is all whack, just delete it. It won't hurt my feelings. ;-) | |||
User Trusted, Site Trusted: | |||
+--------------------------------------------------------------------------------------------+ | |||
|----- Attempting + Trusted Site ----------+ + Password ------------+ +-------+ +-------+ _ | | |||
| \!/ To Install | [ ]Switch to untrusted | |[ ]| |Install| |Details| |X|| | |||
| V Software +------------------------+ +----------------------+ +-------+ +-------+ - | | |||
+--------------------------------------------------------------------------------------------+ | |||
User Trusted, Site Untrusted: | |||
(Default to >This Install< since they attempted it? [Or >Never< if autofill is likely.]) | |||
+--------------------------------------------------------------------------------------------+ | |||
|----- Attempting + Untrusted Site --------+ + Password ------------+ +-------+ +-------+ _ | | |||
| \!/ To Install | Trust:[This install :v]| |[ ]| |Install| |Details| |X|| | |||
| V Software +-------|This website |+ +----------------------+ +-------+ +-------+ - | | |||
+-------------------------+===============+--------------------------------------------------+ | |||
User Untrusted, Site Trusted: | |||
+--------------------------------------------------------------------------------------------+ | |||
|----- Attempting + Trusted Site ----------+ + Password ------------+ +-------+ +-------+ _ | | |||
| \!/ To Install | Installation allowed | |[ ]| |Install| |Details| |X|| | |||
| V Software +------------------------+ +----------------------+ +-------+ +-------+ - | | |||
+--------------------------------------------------------------------------------------------+ | |||
User Untrusted, Site Untrusted: | |||
+--------------------------------------------------------------------------------------------+ | |||
|----- Attempting + Untrusted Site -------------------------------------------+ +-------+ _ | | |||
| \!/ To Install | Software from this site is considered a security risk. | |Details| |X|| | |||
| V Software +-----------------------------------------------------------+ +-------+ - | | |||
+--------------------------------------------------------------------------------------------+ | |||