Mozilla Thunderbird crew: Secure entire app?

Discussion in 'OT Technology' started by Deevan, Nov 13, 2006.

  1. Deevan

    Deevan Active Member

    Joined:
    Jul 12, 2005
    Messages:
    11,719
    Likes Received:
    0
    Location:
    Orlando, FL USA Posts: 4
    I use SSL and everything to check my email, but I don't like the fact that passwords are stored in plaintext in the application itself. Is there an option to password protect the entire application, kind of like the password protection in outlook?

    Basically, I want to launch it, and have it prompt me for a password before it shows me any folders or checks my pop/imap connections.

    BTW, anyone try out SeaMonkey? Is it worth migrating everything?
     
  2. Bruticus

    Bruticus half dead OT Supporter

    Joined:
    Apr 10, 2004
    Messages:
    4,608
    Likes Received:
    0
    Location:
    Melbourne
    Mine prompts for a password before being able to retrieve any new emails. It doesn't stop anyone checking all the already stored emails I have, but I don't think of that as an issue since I can lock my PC if I want to stop others using it.

    There's probably a way to store them securely but I don't really have the need to go search for one right now.
     
  3. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    SeaMonkey is Netscape Communicator 4.0. No, I don't mean it's LIKE NetComm4, I mean it IS NetComm4. I suppose some of the code has been updated, but using it for a day was like walking through a shipwreck in the middle of a renovation into a cruiseliner. Spooky.

    You could try installing the DoD extension. That would force the app to run in its most secure mode. If you're concerned about the Password Manager config file being accessed by boogiemen, you could use NTFS encryption on the file so it can only be read by people with access to your user account.
     
  4. mdaniel

    mdaniel S is for Shiksa

    Joined:
    May 6, 2000
    Messages:
    52,500
    Likes Received:
    315
    Location:
    Northwest Mejicooooooo
  5. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    NetComm.. Never used. But SeaMonkey is pretty much the same as the Mozilla Suite I've used, and I love that. (Although I don't use it fulltime - that's what Firefox is for, since web-browsing is all I use it for)
    Or just lock down the file permissions? The applications should already do that, at least on GNU/Linux, I'd expect the same to be true for Windows.
    Noone's getting in there. (unless they boot up a livecd, I guess the encryption would help big time there)

    signons.txt is where the saved passwords are stored btw. Well that's for Firefox, but it should be the same for TB. They're quite definitely not human readable, but I bet they wouldn't be hard to crack.
     
    Last edited: Nov 14, 2006
  6. Deevan

    Deevan Active Member

    Joined:
    Jul 12, 2005
    Messages:
    11,719
    Likes Received:
    0
    Location:
    Orlando, FL USA Posts: 4
    Yeah, I may have to switch back to Eudora to do that, which is exactly what I need.
     
  7. Deevan

    Deevan Active Member

    Joined:
    Jul 12, 2005
    Messages:
    11,719
    Likes Received:
    0
    Location:
    Orlando, FL USA Posts: 4
    The only problem is I'm in an environment where domain policy will still allow people in.

    As for seamonkey == netscape... O'Rly?
     
  8. Deevan

    Deevan Active Member

    Joined:
    Jul 12, 2005
    Messages:
    11,719
    Likes Received:
    0
    Location:
    Orlando, FL USA Posts: 4
  9. Deevan

    Deevan Active Member

    Joined:
    Jul 12, 2005
    Messages:
    11,719
    Likes Received:
    0
    Location:
    Orlando, FL USA Posts: 4
    So even though they have access to the EXE it will fail since they don't have the permissions? (I'm talking Windows based here.)
     
  10. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    They shouldn't have access to your profile directory which is where all your personal data is stored (passwords etc). (I haven't tested that on Windows .. you may want to confirm it. Google will help you find the profile directory, right click > properties > permissions tab (only some versions of Windows have it I think, dunno wtf you're supposed to do when it doesn't, maybe command-line stuff, haha))

    That's if they're using a separate user account. If you're letting them use your account well then good luck to ya.
     
  11. Deevan

    Deevan Active Member

    Joined:
    Jul 12, 2005
    Messages:
    11,719
    Likes Received:
    0
    Location:
    Orlando, FL USA Posts: 4
    No, the profile is locked down from actual human beings in the area, at least the .\application data and .\local settings directories. I guess that would be a simple fix.

    One stipulation is that I have a VNC and a DameWare port opened up to me at all times, that's primarily what I'm worried about, that's why I'm looking at the TrueCrypt suggestion. There are times where I will be logged in and a vendor may need to access my desktop. I really don't want to go back to Eudora... :wtc:

    I may just throw it on another PC, although getting one purchased is a pain in my arse.
     

Share This Page