abre
Making moves
Status: New idea

Today we are operating with dozens of sites in each work session, including authorization; by the way, there is no ability to defend such sensitive data as authorization cookies. More precisely, there is one: to check a setting to delete all cookies on browser window close, but if we use it we have to re-authorize on all our sites on every new work session. In addition, the use of this setting also has the following disadvantages:

1. All cookies, aka authorization keys, are stored in a simple SQLite DB in the user profile folder, which makes it possible to steal this sensitive data when an attacker has physical access to a computer, or via the use of viruses.

2. If you did not close the Firefox window properly, but instead, for example, simply disconnected the computer from electricity, on the next download you will have the Firefox window opened with all sites authorized, despite the setting for deleting cookies.

With all these problems, the ability to encrypt passwords using a primary key, which is available in the browser, looks like a mockery.

It is proposed to add to the browser the ability to encrypt cookies using the primary key as well, so if it was not entered when the browser was opened, and the browser was started without entering the primary key, the entire set of cookies from the previous session would be erased.

5 Comments
Status changed to: New idea
Jon
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

alezozov
New member

Good idea, waiting for implementation 

abre
Making moves

Conceptually, this is such an opportunity to block the browser (more precisely, the working environment in the browser) with a master password from an attacker who has gained access to your account on a computer. There is such protection in the password storage clients, including Firefox's built-in password storage functionality, then what is the difference between the cookie storage, which remains completely open at the moment?

ymirer
New member

I also find it annoying opening a new session in browser and having my Gmail account open and available even when the primary password is not entered. On the other hand, exiting the Gmail session every time is not convenient, and besides that, I often forget to do this.

jmlvargas
New member

I've been waiting for this feature for a long time. My current approach is to log in only in private mode, so nothing is stored in clear text in the workstation (I hope...), but that kinda sucks because I have to re-login to every site I use.