Changes between Initial Version and Version 1 of Ticket #147

Show
Ignore:
Timestamp:
05/28/08 17:55:50 (18 months ago)
Author:
t-bone
Comment:

I agree, I just haven't gotten to this yet. But I will.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #147

    • Property version changed from 2.6.1 to 2.0.1

  • Ticket #147 – description

    initial v1  
    1 This is my third attempt to get this error past that idiotic SPAM-filter. Argh! Contacting "t-bone" directly didn't seem to work either, maybe there is a similar SPAM-filter at work (or he simply doesn't like me). And selecting the correct version number for this ticket doesn't work either - 2.0.1 is missing in the drop-down menu.[[BR]] 
    2 [[BR]] 
    3 First off: I really like the visual makeover and massive usability improvements of Resurrect Pages 2.0.1.[[BR]] 
     1First off: I really like the visual makeover and massive usability improvements of Resurrect Pages 2.0.1. 
    42But while Firefox 3.0 introduces quite a few security enhancements and more security-related error messages, Resurrect Pages 2.0.1 blindly injects itself into all of those. 
    53This might not only be considered a security issue, it doesn't make any sense from a usability-related point of view either. 
    64 
    7 Examples:[[BR]] 
    8 ssl_error_bad_cert_domain error (wrong domain):[[BR]] 
    9 *URL removed, or the SPAM-filter eats this ticket* [[BR]] 
     5Examples: 
    106 
    11 sec_error_ca_cert_invalid error (self-singed certificate):[[BR]] 
    12 *URL removed, or the SPAM-filter eats this ticket* [[BR]] 
     7 * ssl_error_bad_cert_domain error (wrong domain) 
     8 * sec_error_ca_cert_invalid error (self-singed certificate) 
    139 
    14 Security concern:[[BR]] 
    15 * None of these pages are actually off-line, Firefox prevents access for good reasons, Resurrect Pages should not offer a possible way around this. This could possible used for man-in-the-middle attacks. 
     10Security concern: 
     11 * None of these pages are actually off-line, Firefox prevents access for good reasons, Resurrect Pages should not offer a possible way around this. This could possible used for man-in-the-middle attacks. 
    1612 
    17 Usability concerns:[[BR]] 
    18 * None of these pages are actually off-line - no reason to show Resurrection-Menu.[[BR]] 
    19 * Resurrection is not an option anyways: No mirror-service in Resurrect Pages actually caches any SSL-encrypted pages, choosing a mirror service in the menu is a waste of time at best.[[BR]] 
    20 * The "Resurrection-Menu" is much more prominent than the only actually working option to gain access to the page ("Add an exception ..." or the link to the correct domain). 
     13Usability concerns: 
     14 * None of these pages are actually off-line - no reason to show Resurrection-Menu. 
     15 * Resurrection is not an option anyways: No mirror-service in Resurrect Pages actually caches any SSL-encrypted pages, choosing a mirror service in the menu is a waste of time at best. 
     16 * The "Resurrection-Menu" is much more prominent than the only actually working option to gain access to the page ("Add an exception ..." or the link to the correct domain). 
    2117 
    2218Resurrect Pages should be much more selective into which error pages it injects itself and generally leave SSL and security-related errors alone.