No option for requiring the user to enter the certificate manager's password again after an expiration time

NEW
Unassigned

Status

enhancement
16 years ago
5 months ago

People

(Reporter: ifinci, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Currently, the password for the certificates manager is entered only the first
time it is needed, there should be an option to set it to different times (like
after X time of inactivity) like there is in mozilla.
QA Contact: asa
Changing OS to all
OS: Linux → All
QA Contact: preferences
Assignee: mscott → nobody
This bug seems to be about security.ask_for_password setting. It is in code and looking in the about:config on Thunderbird it appears. The fact is that it is not used on code.

Mmmmm... On mozilla-central it happens the same. Values are defined for the setting (0, 1,2) at the documentation http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries#Security. but it is not used anywhere.

should we consider this to be an enhanecment request, or a bug? or undesireable and wontfix?

Flags: needinfo?(shopik)
Flags: needinfo?(kaie)
Summary: no option for how often to enter the certificate manager's password. → no option for how often to enter the certificate manager's password

Could be enhancement request. Its common to have expiration after unlocking "vault" in other apps

Flags: needinfo?(shopik)

An option like this would have to get implemented at the NSS library level, because it's NSS that decides if it prompts for it.

Flags: needinfo?(kaie)
Summary: no option for how often to enter the certificate manager's password → No option for requiring the user to enter the certificate manager's password again after an expiration time
Severity: normal → enhancement

n.b. this is more or less the same as https://bugzilla.mozilla.org/show_bug.cgi?id=838272
.. and indeed this is a security weakness in Firefox, etc, which I do hope that Mozilla fixes promptly.

You need to log in before you can comment on or make changes to this bug.