canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Reviews/CleanUpUserProfile: Difference between revisions
Jump to navigation
Jump to search
Security/Reviews/CleanUpUserProfile (view source)
Revision as of 19:07, 3 February 2012
, 3 February 2012no edit summary
No edit summary |
No edit summary |
||
| Line 14: | Line 14: | ||
** Uses the filesystem timestamp of existing profile locks and prefs to track successful startups | ** Uses the filesystem timestamp of existing profile locks and prefs to track successful startups | ||
** Write to or touch a file in the profile to indicate a safe previous startup | ** Write to or touch a file in the profile to indicate a safe previous startup | ||
** Write to or touch a file in the profile to indicate startup was attempted, delete on success | ** Write to or touch a file in the profile to indicate startup was attempted, delete on success | ||
|SecReview solution chosen=* ''Reset user profile'' | |SecReview solution chosen=* ''Reset user profile'' | ||
* The ability for a user to return to their problem profile before the reset avoids dataloss caused by a cleaning up an existing profile. | * The ability for a user to return to their problem profile before the reset avoids dataloss caused by a cleaning up an existing profile. | ||
| Line 51: | Line 50: | ||
** Also consider migrating the cookie expiration preferences (keep until they expire, i close firefox, etc.) | ** Also consider migrating the cookie expiration preferences (keep until they expire, i close firefox, etc.) | ||
** not migrating permissions.sqlite - which includes site specific permissions (whether to load images, block cookies, etc). This could be the reason the user wants to migrate to a new profile, so copying this file over won't help the user. It would be helpful (from a security standpoint) to keep the users preferences, but it could cause the user pain if its the root of the problem with their profile. So we're okay with not migrating this. | ** not migrating permissions.sqlite - which includes site specific permissions (whether to load images, block cookies, etc). This could be the reason the user wants to migrate to a new profile, so copying this file over won't help the user. It would be helpful (from a security standpoint) to keep the users preferences, but it could cause the user pain if its the root of the problem with their profile. So we're okay with not migrating this. | ||
}} | }} | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status=In Progress | |SecReview action item status=In Progress | ||
|Feature version=Firefox 13 | |Feature version=Firefox 13 | ||
|SecReview action items=* | |SecReview action items=* WHO ][ What ][ By When ][ Status | ||
* mnoorenberghe ][ Followup - what's in the cert8.db? We won't be migrating those. ][ before migrating to Aurora ][ In Progress | |||
* mnoorenberghe ][ check on migration of DNT pref, master password ][ before migrating to Aurora ][ In Progress | |||
* | Not sure what the plan is for add-ons (plugins, extensions, themes). They would be disabled, but we might not migrate. Also questions on how that would work with sync. | ||
Is there anyway to get to the profile manager for someone who has no idea how to use the command line? | |||
How do other browsers handle this? Do they delete the old profile? | |||
* IE does not support profiles, if you reinstall it over-writes | |||
* | |||
* | |||
}} | }} | ||