Discussion: Site Specific Permissions Policy

Bug reports and enhancement requests
Luke 2

What to allow and what not to allow???

Post by Luke 2 »

I am a new user with questions I haven't found answers to.

On a pages which I trust and use frequently, do I check "allow all on this page" or do I need to go through each one of anywhere from 3 to 10 or more other things listed. Frankly I don't know what almost any of these others are for but these are all mainline websites. Also it seems that if I do not allow "all" the warning bar keeps popping up.

Also, if I allow all sites bookmarked in the menu it appears that maybe the program does not allow all other listed on the site cause the bar at the bottom of the screen still pops up. If the page works ok, that would be fine with me but the bar continuing to pop up would get annoying real fast. Or does that eventually go away after continued visits.

Thank you for any feedback.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: What to allow and what not to allow???

Post by GµårÐïåñ »

Ultimately choosing what to allow and what not to allow is a personal choice and depends on what you know about it and how you feel about it. There are some anecdotal information out there as to what to block and what not but it is not something that is implemented right now in NoScript as it is quite subjective. Here are your options:

1. If you trust the main site and don't care what they are linking to, then go ahead and "Allow all this page"
2. If you trust the main site but want to make sure there is no linking to anything you don't like, then you need to go through and I recommend declaring your untrusted sites BEFORE you do your allowed sites
3. If you don't want the notification to come up, then you can go to Options|Notifications|Uncheck the "Show message about blocked objects" and manage the blocking/allowing only through the icon in the statusbar or you can check the "Hide after <n> seconds" option in the same place and that way it will go away after a time and you won't see it.

You have a plethora of options here, you just need to subjectively/objectively choose what works for you and make the changes. Good luck.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 FirePHP/0.2.4
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: What to allow and what not to allow???

Post by Giorgio Maone »

You may find these FAQs helpful.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: What to allow and what not to allow???

Post by GµårÐïåñ »

Absolutely, straight from the man himself. :P
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 FirePHP/0.2.4
Luke 2

Re: What to allow and what not to allow???

Post by Luke 2 »

Thanks Giorgio for your help. This is making sense. Maybe a bit painful at first but I can already see that part of it diminishing rapidly and should be very well worth it.

Thanks again for your help.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
onguarde
Posts: 4
Joined: Sun Apr 12, 2009 11:24 am

True Site-Specific Blocking Feature

Post by onguarde »

Peace all!

First and foremost, thanks for the great software!

It would be great to include true site-specific javascript blocking. For example, allow mail.google.com but disallow google.com(normal searches) . This doesn't seem to be possible now. Do correct me if I'm wrong..

Thanks in advance!
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: True Site-Specific Blocking Feature

Post by Alan Baxter »

onguarde wrote:Do correct me if I'm wrong..
With pleasure! :D
In the NoScript Options > Appearance panel, tick Full Domains and Base 2nd level Domains.
Go to the gmail page, bring up the NoScript menu, and click on Forbid google.com (assuming it was allowed already).
After the page reloads, tick Allow mail.google.com. This whitelists the mail.google.com subdomain without allowing the rest of google.com or its other subdomains.

Hope this helps. Please let us know whether it does.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
onguarde
Posts: 4
Joined: Sun Apr 12, 2009 11:24 am

Re: True Site-Specific Blocking Feature

Post by onguarde »

Ah thx! Couldn't believe this hid from me for so long.

Perhaps this could have been made the defaults.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4pre) Gecko/2008101119 Firefox/3.0.4pre (Swiftfox)
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: True Site-Specific Blocking Feature

Post by Alan Baxter »

It's a UI usability trade-off. Providing the user with too many choices is often confusing. Most of the time Allowing or Temporarily Allowing the Base 2nd level domain is what's desired. The Cookie Monster and CookieSafe extension developers were faced with the same choice, and chose the Base 2nd level domain default too.

I used to display Full Domains, but eventually found it makes the menu too long for my taste when there are lots of third-party scripts. Now I'm back to the default display, and temporarily tick Full Domains when I need to, which isn't very often.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
onguarde
Posts: 4
Joined: Sun Apr 12, 2009 11:24 am

Re: True Site-Specific Blocking Feature

Post by onguarde »

I agree the menu can get really cluttered at times.

One way around this is to not show "forums.informaction.com" when you are at www.informaction.com and vice versa.

Also, the "allow all option" should be disabled in favour of the "temporarily allow" options. The set site preferences can then be made permanent via "Make settings permanent"(1 liner vs many for each site)
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4pre) Gecko/2008101119 Firefox/3.0.4pre (Swiftfox)
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: True Site-Specific Blocking Feature

Post by Alan Baxter »

@onguarde:
No problem, but you could have edited your previous post with the EDIT button instead of updating it with a duplicate. Would you like me to delete the obsolete post previous to your update?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
User avatar
jm34harvey
Posts: 4
Joined: Tue Apr 07, 2009 1:30 pm

Re: Super Trusted Websites

Post by jm34harvey »

GµårÐïåñ,

Thanks for pointing me at the "individual site policy" discussion. I believe that you might be right about this solving my idea. However, when I searched in all NoScript forums for "policy," I got 20 hits but all but one seemed to be about other policies e.g. sqlite access, extension interaction, etc.

Since I only recognized one topic, "Standard sites no longer work," I don't understand what "Individual site policy" would allow/prohibit or how site interactions would be specified.

Have there been any other discussions related to the proposed "individual site policy" feature?

Thanks again for your response,
John Harvey, Wizened Web Wizard Wannabe
“The significant problems we face cannot be solved at the same level of thinking we were at when we created them.” -Albert Einstein
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 FirePHP/0.2.4
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Super Trusted Websites

Post by GµårÐïåñ »

What I mean by individual site policy is that say you want xyz.com access allowed on gooddomain.com but you don't want any other domain to have access to xyz.com with current setup you allow xyz.com, EVERYONE gets access to it, so you either have to individual allow/temporary allow on gooddomain.com to use it and then forbid it again so other domains don't use it. But with individual site policy style setup, you can allow any specific domain to access a specific site without giving every site the access to that site so it would be like individualized and customized access policy for domains. You would still have the option to global allow/disallow a domain which would apply to EVERY domain as well, but this way you can get creative with it a bit. I hope that expands on the idea and what I meant by individual site policy. Currently I quasi achieve this by using NS in conjunction with RequestPolicy and even Adblock Plus to achieve this behavior but its a pain to maintain across large number of domains.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 FirePHP/0.2.4
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: True Site-Specific Blocking Feature

Post by GµårÐïåñ »

This is good in a pinch but still there are times where you don't want to allow a root level domain for all instances but need to allow it for its own sub-domains to work. You may want to include google.com in using other parts of <sub>.google.com but you may not want to have google.com allowed for someotherdomain.com using it. True site-specific blocking/allowing would be that, but until it comes to NS as a feature, this is the closet way to achieve it and has drawbacks of course.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 AdblockPlus/1.0.1 NoScript/1.9.1.91 RequestPolicy/0.5.4 FirePHP/0.2.4
jalyst
Posts: 10
Joined: Tue Apr 14, 2009 4:18 pm

better ways to allow/dissallow urls and sub-urls

Post by jalyst »

Is there any thought going into this? Just curious..

ATM I rely on right-clicking on the no script icon in the status bar down the bottom and allowing/disallowing from there.
This can be very tedious and having a button up on the main toolbar is not much better..

IMO keyboard shortcuts or the ability to right-click on individual tabs to bring up a similar NS interface would be awesome!
Just some ideas, I'd be interesting in hearing about what other people do !?

Cheers
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.0.8) Gecko/2009032608 Firefox/3.0.8
Post Reply