Firefox Hacks [Electronic resources] نسخه متنی

Hack 7. Stop Once-Only Dialogs Safely

Don't like to be bothered?
Here's how to shut Firefox up and how to deal with
the consequences.

After first installation, Firefox intermittently throws up a series
of dialog boxes. For a first-time user,
these can be confusing. Here's how to shut them up
if you don't like them. Also here's
how to make them appear, so that you can shut them up if
you're installing Firefox for someone else.

Figure 1-11 shows the first dialog presented.

Figure 1-11. Import Settings startup dialog box

By the time you read this, Firefox will be able to



import from a number of other
browsers, so the Import Wizard might look a bit more detailed than it
is shown here, especially if it detects other browsers on your
computer. You can cancel this import process safely. It can be
repeated at any time after installation from the
FileImport... menu.

Importing is a safe process unless you have sophisticated
favelets
or
bookmarklets
stored in your other browsers. Web developers are the main users of
these small diagnostic helpers. In general, if you choose to import,
there are two consequences. First, the bookmarks toolbar might be
loaded with old stuff that might confuse Granny. Second, the surfing
you did last week with that other browser might be copied into
Firefox. That could be awkward if Granny isn't aware
of your personal style and spots it.

Once Firefox starts, it confronts you with the dialog shown in Figure 1-12.

Figure 1-12. Default Browser selection dialog box

On Windows, this makes small changes to the Registry.
It's harmless to make Firefox the
default browser. If you have accidental
viruses, spyware, or other nasties on your computer, it might improve
security to make Firefox the default. Don't click
Yes or leave the checkbox ticked if temporary product evaluation is
your goal. If you want Firefox to be the default, but you still want
Internet Explorer to work, see [Hack #40] . Whether Firefox checks at
startup time that it's the default browser can be
configured with this preference:

browser.shell.checkDefaultBrowser /* true or false */

The first time you surf to a web site over a secure connection, you
get a warning. Then, when you leave that web site, you get warned
again. Figure 1-13 shows the two warnings.

Figure 1-13. First warnings for Secure HTTP border crossings

These messages are border security warnings. When interacting with a
web site over plain HTTP (that's the normal case),
content sent both ways can possibly be viewed by a spy. If the HTTP
connection is performed over Secure Sockets Layer (SSL), then no spying
is possible. These warnings tell you that you're
either entering or leaving spy-safe territory. If you fail to click
the checkboxes, you'll never be warned again.
You'll never know if you are surfing
"out in the open" or not. But you
also won't be driven crazy by dialog boxes. These
alerts can be set with these preferences:

security.warn_entering_secure             /* true or false */
security.warn_leaving_secure              /* true or false */
security.warn_entering_secure.show_once   /* true or false */
security.warn_leaving_secure.show_once    /* true or false */

The kind of spying
that SSL prevents
is fairly obscure. It requires that someone either wrap equipment
around your physical telephone line or cable line, or else get access
to one of the computers between yours and the remote web site. An ISP
staff member is unlikely to spy like this unless
they're assisting some security agency. Your privacy
might be an issue if you are surfing from inside a corporate
intranet. There, a corporate web server proxy could log any
out-in-the-open activities.

If you are out in the open, web page forms you fill in have the same
problem. The first time you attempt to submit a form,
you'll be greeted with the dialog shown in Figure 1-14.

Figure 1-14. First warning for unencrypted form submission

If you click Continue or Cancel, you'll never see
this warning again, just like the previous examples. Here are the
matching preferences:

security.warn_submit_insecure            /* true or false */
security.warn_submit_insecure.show_once  /* true or false */

Finally, if the web page form is a login form, Firefox will detect this and
ask if you want your login details remembered locally. Figure 1-15 shows the permission request.

Figure 1-15. Password Manager permission request dialog

If you choose Yes, that
password will be
held insecurely on your PC. You must have some other password
protecting your PC if you don't want that password
exposed to office theft. The options are a boot password, a Firefox
master password (ToolsOptions, Privacy, Saved Passwords,
Set Master Password), or a decent operating system login password.
Set this preference for the equivalent effect:

security.ask_for_password /* 0 = once, 1 = every time, 2 = only on expiry */

A password normally expires in 30 days, at which point the user must
enter it again. Here is the preference for the expiry horizon:

security.password_lifetime /* An integer, default = 30 (days) */

Chapter 2 has a lot more to say about security
issues in Firefox, but here's a summary of this
hack: if you always hit Enter or Return when one of these dialogs
comes up, you won't be annoyed by them any more.
Your privacy will be only moderately protected afterward, but your
online safety will remain high.