Password protect of cache/message list pane broken



10 years ago
9 years ago


(Reporter: philip, Unassigned)


Windows XP




(1 attachment)



10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008070208 Firefox/3.0.1
Build Identifier: version (20080708)

In the Thunderbird FAQ there is an item which says:

Password protect the message pane (IMAP only)

    With this trick, Mozilla Thunderbird will password protect the message list pane (aka the thread pane) by keeping it blank until you log in and enter a password for that account. In the Config Editor, search for the preference mail.password_protect_local_cache, and change its value to true.

This appears to be broken if there is more than one IMAP server configured.

With this option set to true, when TB is started the message pane is indeed blank, and a password prompt is displayed.

If the password is canceled, the cursor displays an hourglass -- it probably should not be doing this.

Worse, if a password is given on <server 1>, the message pane displays as it should, but going to any of the other servers <server 2>, if the password prompt is canceled the message list is then displayed.

There is also interaction with cached passwords. If a password is cached for <server 3> I would expect there to be no prompt, and the message pane to display when going to that server. In practice, even with a cached password a password prompt is still displayed.

Reproducible: Always

Steps to Reproduce:
1. Set up multiple IMAP accounts.
2. Set preference mail.password_protect_local_cache to true.
3. Verify as described in details section above.


10 years ago
Version: unspecified → 2.0
Philip, we recently changed the way TB handled passwords - can you try with a recent build and tell us if you still have the issue? Recent builds can be obtained at : Make sure to back up your profile before testing. Thanks in advance.

The recent changes have changed the password protect cache option to require the master password as the password to control access or not. The account passwords can thus be saved correctly and this makes it easier to use.

If you have mail.password_protect_local_cache set to true without a master password, then it has no effect.

Therefore for Thunderbird 3, as one password now controls access to all accounts, this bug is no longer valid.

For Thunderbird 2, I doubt we'd do a change to fix this as it isn't one of the default options, and slightly more knowledgeable users would just look at the files on the disk to get around this minor level of protection. Therefore this bug would be a wontfix.

Marking invalid as that seems most appropriate to the current development situation.
Last Resolved: 10 years ago
Resolution: --- → INVALID

Comment 3

10 years ago
Created attachment 362891 [details]
Screen shot illustrating problem

This screen shot illustrates the issue: I have authenticated to one server, now I move to another (gmail in this case). The email headers, sender etc. are displayed although I have not yet authenticated.

Comment 4

10 years ago
If I understand the comment from Mark correctly, the proposed usage pattern is to have a single master password if cache access protection is required?

I have to question your usage models...

I don't believe that I am unique in working with multiple organizations, and having email accounts at each. The contents of those emails (including subject and senders) are proprietary to each organization. Simply having those messages display in the wrong situation could be a huge issue.

What I (and presumably a large number of other people) need, is that each mail account be handled independently, and no information or access be displayed until the password for that account has been given.

There are multiple levels to security. Physical access to cache disks on file requires physical access to the system. Looking over someone's shoulder at the screen does not.

(In reply to comment #4)
> There are multiple levels to security. Physical access to cache disks on file
> requires physical access to the system. Looking over someone's shoulder at the
> screen does not.

Even on the old way of doing things, once you had entered the password once for each account, you'd have to restart Thunderbird to obscure the account again, wouldn't you?

I really think we are getting into extension territory here - even if it means we have to add some extra hooks into the code base to allow extensions to manage extra security points - I don't see this being applicable to lots of users at the moment.

Comment 6

10 years ago
I'd suggest if you want that kind of heavy separation between accounts, just set up multiple Thunderbird profiles.

thunderbird.exe -ProfileManager

If you need several profiles running at the same time, you can use the -no-remote switch to start them up.
Duplicate of bug: 318697
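
The following is an added example, not code from the bug report or from Thunderbird: a small audit that reads a profile's prefs.js text and flags the configuration this report describes, namely mail.password_protect_local_cache set to true together with more than one IMAP server. It assumes the usual `user_pref("name", value);` line format and the `mail.server.serverN.type` / `mail.server.serverN.hostname` keys; the sample content is constructed, the result field names are hypothetical, and it does not check whether a master password is set.

```python
import re

# Matches one user_pref("name", value); line as written in a profile's prefs.js.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample prefs.js content (not taken from the bug report).
SAMPLE_PREFS = '''\
user_pref("mail.password_protect_local_cache", true);
user_pref("mail.server.server1.type", "imap");
user_pref("mail.server.server1.hostname", "imap.org-a.example");
user_pref("mail.server.server2.type", "imap");
user_pref("mail.server.server2.hostname", "imap.org-b.example");
user_pref("mail.server.server3.type", "none");
user_pref("mail.server.server3.hostname", "Local Folders");
'''

def parse_prefs(text):
    """Return {pref_name: value} with booleans and quoted strings decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw  # numbers and anything else kept as text
    return prefs

def audit_profile(text):
    """Summarise how the profile relies on the cache-protection preference."""
    prefs = parse_prefs(text)
    imap_hosts = []
    for name, value in sorted(prefs.items()):
        m = re.fullmatch(r"mail\.server\.(server\d+)\.type", name)
        if m and value == "imap":
            imap_hosts.append(prefs.get(f"mail.server.{m.group(1)}.hostname", "?"))
    protected = prefs.get("mail.password_protect_local_cache") is True
    return {
        "pref_enabled": protected,
        "imap_hosts": imap_hosts,
        # Hypothetical flag: the reported failure needs the pref on and >1 IMAP server.
        "needs_separate_profiles": protected and len(imap_hosts) > 1,
    }

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PREFS))
```

A profile flagged this way is a candidate for the per-organization profile split suggested in comment 6.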