April 25, 2005, 3:25 PM — 
This book provides tips and tools for customizing
Firefox's deployment, appearance, features, and
functionality. The chapter excerpted here describes
how to change the security defaults in Firefox.
Author: Nigel McFarlane
ISBN: 0-596-00928-3
Posted with permission of O'Reilly. Click here
for a detailed description and to learn how
to purchase this title.
Chapter 2: Security
Hacks 11-21
This chapter describes how to change the default security
arrangements in Firefox. Security is a big subject, and it has plenty
of baggage all of its own. One person's safety is
another's prison. One person's
privacy is another person's isolation. Changing
security options amounts to changing who you are or
aren't willing to deal with. It also amounts to
deciding how much you're willing to let third
parties know when you're browsing the Web.
When you install Firefox, the default
security settings give you a safe web
browser. It is quite hard to create large holes by accidentally
changing options. Firefox has also been closely inspected for
internal problems. As a result, the browser and its underlying
Mozilla technology have an excellent security track record. Rarely is
a new security problem uncovered. When that happens, it is usually
fixed within a day. The Firefox Update Manager informs you of new
security patches, if any are made available.
If you don't care about security at all, you can
simply remove many of the hurdles that Firefox puts in your way.
Security is a complex matter, though. Sometimes, doing away with
security means just that: leaving the browser's
resources open to any exploitation. Some security regimes, however,
don't give you that option. In such cases, the best
you can do is reply "I don't
care" every time you're engaged
over security. There are even rare cases in which
there's nothing at all that you can do to escape
security limitations. It's a case-by-case
environment.
Security concerns and installation processes are two related but
different things. This chapter discusses security only. Chapter 3 describes gritty modifications to the
Firefox install process. Chapter 7 and
Chapter 8 describe a form of programming
that's also a blend of installation and security.
See those chapters to go further with the chrome.
Drop Miscellaneous Security Blocks
If your computing environment is secure, then
Firefox's own security is of limited use.
To systematically address every single security restriction,
you'll have to read all the hacks in this chapter;
it's just too complex for one hack. This hack
describes many common quick fixes. You might also want to read [Hack #7].
Supply Passwords Automatically
You don't need to constantly reassert your login
credentials; you can get Firefox to do it for you. NTLM and dial-up
passwords are described in [Hack #14] and [Hack #26] respectively; here, we cover
web form passwords and cookies.
The Password Manager is turned on
automatically when Firefox starts; all you get is a first-time
warning when you use it. Setting a master password serves no purpose
if you're trying to defeat security, so the Password
Manager saves you that hassle by default. You can stop the remembered
passwords from ever expiring by setting this
preference:
|
Session IDs are like passwords: they're sent by web
sites that want to keep track of you as you move between web pages.
Usually they're stored as
cookies:
the correct jargon for web-based session IDs. Cookies are sent
between Firefox and the web server as a simple string of plain text
in a special HTTP header line. If you have an extension installed
that's an HTTP header diagnostic [Hack #51], you can see cookies go to
and fro. Firefox has cookie support turned on by default. If you want
to configure cookie processing explicitly, use these preferences:
