558580 - Firefox overrides windows EFS settings and creates files unencrypted

Status: RESOLVED DUPLICATE of bug 483192

(Core :: Networking: File, defect)

Description

[sillygates]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)

In windows, when you have a directory with EFS enabled (right click->properties-> enable encryption), all files below the directory inherit the encryption requirement by default.

I have my downloads directory set to encrypt files. When I download any file firefox creates a filename.txt.part and a filename.txt . Encryption is properly inherited by the 0 byte filename.txt file, but the .part file is created without encryption.

When firefox moves the .part file to the original filename, it doesn't get encrypted either, meaning that the file is being stored as plaintext.

This is a huge security concern as documents that I download often contain personal data. This data should never exist on disk in an unencrypted form.

The .part should be encrypted at all times.

Reproducible: Always

Steps to Reproduce:
1. Enable EFS on your downloads folder ( right click -> properties -> advanced-> encrypt), apply.
2. create files with notepad/etc. Observe that encryption is inherited by default (the filenames in windows explorer will show up in green).
3. Download a file with firefox to your downloads directory.
4. Observe that the file is not encrypted.
Actual Results:  
Firefox overrides the encryption settings on my downloads directory.

Expected Results:  
Firefox downloads should be encrypted. Firefox shouldn't have to do anything special to have windows encrypt the file. The NTFS driver does it by default to new files created in the directory.