On primary password window, when click Cancel, close window AND prevent Thunderbird from opening
Hello,
When the primary password window opens and I click Cancel, can that window close AND can it prevent Thunderbird from opening?
Example: what if I bring my pc to a repair shop and they open thunderbird and click Cancel on the primary password window. They can See my previously viewed email. I do not want them to see those. Clicking Cancel AND closing Thunderbird would prevent them from seeing emails.
Could this be a future enhancement?
Thanks
Jim
Tất cả các câu trả lời (4)
This is a known shortfall of that feature, and the bug report to fix it has been in discussion for years. Like you, I would like to see this fixed, but there is no known (to me) anticipated fix date.
Interesting. How can 'we' escalate?
jimform2k1 said
Interesting. How can 'we' escalate?
You can not really.
Unlike David I think the whole idea is not required. Many suggest they need it. Mostly, I think, failing to understand that security through obscurity is no security at all and this sort of password is just that, no security at all.
The data in your Thunderbird profile is stored in plain text. So having a password or not does not in any way limit the access to your data/emails to someone savy enough to look at your hard disk (like the repair technician in your scenario) The primary password is designed and has always been designed to protect your passwords and it does that.
If you want to protect your data, there are operating system user accounts and disk encryption that will be available to secure your data in a far more secure method that this feeble password ever could however there are plenty of folk that think they need a password for varying reasons.
Here are some others that think as you do that have made suggestions in the ideas forum that is linked to from the Thunderbird help menu. https://connect.mozilla.org/t5/ideas/master-password-for-thunderbird/idi-p/10775 https://connect.mozilla.org/t5/ideas/primary-password-was-master-password-to-block-access-to/idi-p/25967 https://connect.mozilla.org/t5/discussions/when-the-password-isn-t-entered-dont-t-let-the-program-start-run/m-p/21214
To the best of my knowledge this was first put up as a bug some 25 years ago. as Bug 16489 y Ninteen years ago Bug 318697 was opened for essentially the same thing. It was fairly promptly closed as invalid as the then master password was for password protection and extending it's function to include the profile was not considered a valid request.
Then 5 years ago Bug 1566458 was opened and discussion commenced again. Fundamentally I do not think there is much will to ever implement the change that is requested.
I think the discussion there between David and myself may be what lead to the bug being restricted regarding comments. But I still maintain that it is not something to enter into lightly. Before any move into password protection there needs to be some serious decisions made. Will the data be encrypted when password protected or is this to be tinker toy security that has no purpose other than to shut up those that keep asking for it? If this is a data protection process, what happens when;
- An incorrect password is entered. Do we delete the profile / Do we delete after XX incorrect attempts?
- A password reset occurs, given the reset assumes you do not know the password not removing data leaves it open to those the password was meant to protect from?
- Do we leave the data there for eternity after multiple incorrect passwords,exposed to a brute force attack?
If you click Cancel (on primary window), close/terminate Thunderbird. Do not allow Thunberbird to open for any reason if Cancel is clicked. Must be too easy to do.