Re: roadmap discussions

[Mystilleef <mystilleef gmail com>]

In Firefox, for example, when properly configured, after I quit it,
all my previous information, like the sites I visited, passwords,
cookies etc are deleted. So when a new user launches a new instance of
Firefox on the same user account, they don't have access to any of my
activities.

Epiphany currently doesn't do this. Even after I quit Epiphany an
intelligent user can have access to all my browsing activities and
even gain access to my confidential sites e.g my bank account site.
And this has nothing to do with the back button. I think the fault is
the password management system Epiphany uses. If users accept to store
the password of an account to hard disk, Epiphany will gladly
automatically enter the password anytime any user accesses the site.
The problem isn't abated especially since Epiphany stores the history
of websites that are weeks old. To make matters worse, we have cookies
that live for months.

I think that must have been what happened in my situation which is
ironic because I don't use the password manager thingy, so I must have
erroneously told Epiphany to save that information to disk and
automatically enter it anytime I visited the site. Either way, it is a
big security disaster and I haven't figured out how to turn the
password management thing off. Plus I am too lazy to delete cookies,
history pages, passwords, cache etc every time I exit Epiphany.


On Mon, 29 Nov 2004 22:03:57 +0100, Christian Persch <chpe gnome org> wrote:
> Hi,
> On Mon, 2004-11-29 at 19:01 +0000, Mystilleef wrote:
> >  I have
> > already been bitten by Epiphany's insecure default settings. (Bug
> > 150680)
> 
> I don't think this has anything to do with epiphany. I've seen the same
> thing (i.e. Back button being able to go back to secure login-only pages
> after "Logout") in epiphany, galeon and firefox.
> 
> Regards,
>         Christian
> 
> 


-- 
"My logic is undeniable."