Closed Bug 181682 Opened 22 years ago Closed 22 years ago

Salt string in profiles should be removed

Categories

(Core Graveyard :: Profile: BackEnd, enhancement)

Product:
Core Graveyard
Component:
Profile: BackEnd
Platform:
x86
Windows 98
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
CLOSED DUPLICATE of bug 97180

People

(Reporter: bk039, Assigned: ccarlen)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016 The default profile location (as incorrectly shown in the release notes) is similar to the following: C:\Documents and Settings\[Windows Login Name]\Application Data\Mozilla\Profiles\[Profile Name]\[random string].slt\ I suggest that the salt portion of the user profile directory should be removed. There is already a unique identifier "[Profile Name]", where duplicate Profile Names are not allowed. Removing the salt directory will also require Mozilla to rename the "[Profile Name]" directory as the profile name changes. Reproducible: Didn't try Steps to Reproduce: Not a bug - cannot be reproduced. Actual Results: Not applicable. Expected Results: Not applicable.
-> Profile Manager (why Print Previuew ?)
Assignee: rods → ccarlen
Component: Print Preview → Profile Manager BackEnd
QA Contact: sujay → ktrina
Do you mean "[random string].slt" ? This is random directory is added for security reasons. -> wontfix
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → WONTFIX
Verified wontfix. As designed.
Status: RESOLVED → VERIFIED
May I ask what security problems could be caused by removal of "[random string].slt"? In Win98, the directory is world-readable anyway. In the various Unicies, the directory is stored in your home directory. No-one can access it (except for Root.) In Win2000, the user can easily block access to his directory by other users. Given that the directory is already visible to everyone (or blocked by the owner), how could the salt directory avert any security problems?
> May I ask what security problems could be caused by removal of "[random string].slt"? See bug 56002.
Reopening to mark as duplicate.
Status: VERIFIED → UNCONFIRMED
Resolution: WONTFIX → ---
Resolving as duplicate. Bug 97180 seems to be an exact match for what I was looking for. *** This bug has been marked as a duplicate of 97180 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago22 years ago
Resolution: --- → DUPLICATE
Verified as a dupe of bug 97180
Status: RESOLVED → VERIFIED
Closing.
Status: VERIFIED → CLOSED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.