secure the portable firefox folder help please
i want to make portable browser with setting i already did in it and send it to many users all setting must be private so i want the users to only can open the portable browser and use it as it is so i search add ones for security so i install these add-ones --- Public fox ( so i protect the menu from opening only with password ) Menu Editor ver 1 ( so i hide the right click ) addblock plus + addblock plus element hide ( so i hide some buttons in the page i dont want users to open or click like logout button and change password ) App Button Remove ( to remove the firefox orange top left button ) --- i have some setting in that browser for a specific site i want to share it with my own credential ( usr & pw ) and use it so i bookmark the site and set it already as home page and fill in my own proxy in the network tab so when all users are using it the website dos not complain about multi-login users -- i though all this was good and secure i pack (zip) the FF portable and send it to all users but suddenly they complain about they are logged out !!! then a user came to me and told me what he did "he go in the profile folder and delete all extensions and start ff portable again and he can access every thing the loggout button ( int he site ) and remove the proxy from the menu"
so i need help to protect the profile folder from changer after i send it to the users or at least i want to protect the extensions files from deleting ?????
any one can help me please to make this secure ?
Modified
All Replies (20)
hello Motasem, i don't think that the amount of security you aiming for is achievable in this case. everyone can go into the filesystem and delete extension files or even copy the files that hold your credentials and reconstruct the username/password this way - there's not much you could do about that without full control of the user's system. in any case this goes beyond the scope of this forum which is intended for end-suer support, so i'm afraid we won't be able to come up with a solution to your problem. thanks for your understanding though...
ok so i want to ask about something else is there an add-one can manage firefox like server and client ? by the means remote configuration file and i can host it so if i configure my host all client firefox users setting is changed ??? can this be done ?
It sounds as if you trying to control other computers.
Presumably you are providing computers creating a network and deploying software including Firefox on them.
- Is that correct ?
- Do you have full admin access to all these other computers ?
You are the System Admin for a network ?
If so it is out of scope of this forum but before closing the thread we can provide some potentially useful links. Please explain what you are tying to achieve.
Or are you trying something else such as trying to distribute a modified Firefox outside your own organisation
You said i want to make portable browser Presumably this is Firefox based or you would not be posting here.
You may need to contact Mozilla (Firefox) to check on the legality of what you are doing especially if Firefox name or logos are used unless it is unmodified. You may find some of this information applicable or of interest.
P.S. also see http://www.mozilla.org/en-US/foundation/trademarks/policy/ and http://mike.kaply.com/2010/08/05/creating-a-customized-firefox-distribution/
Modified
no its not how u understand it i will be brief again i have an account in website i want to share it to my friends but i dont want them to control any thing like logout of the account or delete files in the account storage so whats the best scenario ?
Hi again Motasem,
I am not sure I understand what you are attempting to do.
I will leave it to others who may understand better your explanation and intentions. I am not even sure if you mean you have a site set up on an private intranet or the internet.
Initially I got the impression one of your intentions was to distribute a browser but disable some of the browser features and allow the browser access to one of your Network accounts. Even if you do that what is to stop users installing another browser and using that instead ?
You also appear to be asking about server security that is a vast topic but not within the scope of this forum.
Sorry I am not able to provide you with a suitable answer, but if you have no answer after the weekend please post back again and I will ensure the thread is marked for further attention. Although the answer may well be that you should seek advice elsewhere.
"Even if you do that what is to stop users installing another browser and using that instead ? " because when i make secure browser from changing i will login with the account and close the browser so the cookie dos not expire and then when i give them the portable browser with proxy i already set it up in FF portable the server will not detect multi login :) and they will not log out and will not know the orginal username and password
See also:
- http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
- http://mike.kaply.com/2012/03/22/customizing-firefox-advanced-autoconfig-files/
- http://mike.kaply.com/2013/02/11/add-ons-in-the-distribution-directory/
- http://mike.kaply.com/2012/02/09/integrating-add-ons-into-firefox/
I'm not sure what will apply to the portable version.
every thing there correct but i dont know anything about programing any other solution? btw thanks for all replays
i try this also so i can edit the perfs.js and other files but it also need a well known for programing http://sourceforge.net/projects/foxlock/
The one you found is pretty nice, for your local users who have multiple profiles these may be helpful.
- Profile Manager for the users who are getting their profiles wiped. Ask them to create a new Profile before overwriting their profile files.
[https://addons.mozilla.org/en-US/fire.../profileswitcher/]
- Managing Profiles [https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-fi...]
Other extra info on configuring proxy and locking preferences in the autoconfig file:
Note that current Firefox version no longer use ROT13 by default (i.e. general.config.obscure_value = 0) to obsure the mozilla.cgf file.
You also won't find separate firefox.js and all.js files for the default pref settings as all these files have been moved to omni.ja archives.
i want u all to test this portable browser i have made i have spent alot of time securing it really ...
i still have one problem and that is all this security can be override if some one go in profile folder and delete all extensions ...
final request that i need to secure extensions folder replay after test ... if you need the password to see my settings here it is 5055524 and download link here http://www.mediafire.com/download/n1qgxni45ekn12v/test-browser7z
Hi again Motasem,
Could you explain again what the download is that you are asking us to look at. Are you saying it is a browser based on Firefox portable code (presumably you just took those files as they are in the Firefox portable browser) pre packaged with additional add ons.
What is you first language ?
I am thinking it may not be English.
Perhaps it helps if you reply in both your first language and in English.
Could you also try to explain how you are intending to use this.
- Is it for use within your company for instance by your employees on computers you own and control.
- or being sold or given away for use on other peoples computers.
hello again Im Arabian From "Jordan" and i speak English because it the Language of the word so every one understand me. --- what u said is correct and this is what im trying to archive sir its "packaged with additional add ons" so that is finally how i want my browser to look like and with its all security nothing more expect ... if you or anyone els have seen that when u open the browser i already set the home page for a site called "www.zbigz.com" and this's the site i want to share it with my friends and my point of securing the firefox is to make sure none of my friends press logout or change the proxy i have enter it in network tap ... why ? because when they all work under the same proxy the site cannot detect multi login or he willl log out all users ... in the other hand i don't want to share the user and pw with them and thats the point i made this portable browser for use only and prohibited the changes can be done for it but all this security can be override if some one deleted the extension folder inside profile.
i have a new idea maybe it can help you to help me ! is there an extension to protect all profile folder IN CASE OF ANY FILE DELETED IT WILL DELETE ALL PROFILE FOLDER ? btw its not for company and not for sale its for free to my friends only all i want it to share premium account.
hello, it will always possible to go into the profile folder and extract the files which hold the passwords to the account and access them in another installation -> Recovering important data from an old profile
not to speak of launching firefox in safemode which will disable all the pseudo "protection" provided by extension.
it would take a whole software development/engineering effort to somehow encrypt and shield the profile from access and checking its integrity - as said in my first reply this cannot be done just with the means of firefox, so this will go far beyond what we can provide help for here in this forum!
dead end ? or wrong turn ?
Modified
i'd say you'd either have to trust your friends so that you could leave out all those measures or else it will be an endeavour that leads to a dead end...
i trust no one.
Motasem,
I have received confirmation that if you have modified the source code, then this could not be distributed with the official Firefox name. This is the same for the configuration files.
Modified
is installing add ones means changing the source code ? if no means i didnt change / if yes sorry i didnt know that add ones changes the cource code btw im not a programer at all