Page 1 of 1
Timeout of Temporary Permissions
Posted: Fri Apr 15, 2011 10:20 am
by forfrom1337
I know it seems greedy to ask for even more
but I'd love to see an options to set a timeout of temporary permissions if I'm not currently on this specific site.
For example:
I've set the option to allow the current Top-Level-Side temporarly. So when I'm on google.com I can "enjoy" the site fully. But as soon as I leave google.com, I don't need their scripts - but they're still allowed.
I know I can press the option to withdraw them, but I'm going for "convenience" here
Re: Timeout of Temporary Permissions
Posted: Fri Apr 15, 2011 1:03 pm
by dhouwn
Makes sense in the sense that someone might have a habit of not shutting down and therefore not closing Firefox anymore, but then to what arbitrary value should the time-out be set?
Another idea, how about changing the definition of temporary in the sense that a permission get revoken once you surf away from the domain where you allowed it?
Re: Timeout of Temporary Permissions
Posted: Fri Apr 15, 2011 1:37 pm
by Alan Baxter
dhouwn wrote:
Another idea, how about changing the definition of temporary in the sense that a permission get revoken once you surf away from the domain where you allowed it?
Any timed automatic revocation of permissions would be less convenient for me. I've grown accustomed to having temporary permissions persist until I restart the browser or manually remove one or more of them. In the course of multitasking I often surf away from a domain and return to it sometime later during the same browsing session.
Re: Timeout of Temporary Permissions
Posted: Mon Apr 18, 2011 8:38 am
by forfrom1337
Alan Baxter wrote:dhouwn wrote:
Another idea, how about changing the definition of temporary in the sense that a permission get revoken once you surf away from the domain where you allowed it?
[...] In the course of multitasking I often surf away from a domain and return to it sometime later during the same browsing session.
Getting a permission revoked once you surf away would make even more sense! As soon as you go back, depending on your configuration, you can give that site the permission back!
Re: Timeout of Temporary Permissions
Posted: Mon Apr 18, 2011 2:08 pm
by Alan Baxter
No, when I set a Temporarily Allow, I want it to persist for the rest of the browsing session or until I manually revoke it, especially if I may return to the site later. Having to reset the Temporarily Allow every time I surf back to the site would be a PITA.
BTW, I know you didn't say it's a security issue. Good, because it isn't. You should never Allow an untrusted site, even temporarily.
Re: Timeout of Temporary Permissions
Posted: Tue Apr 19, 2011 6:49 am
by forfrom1337
Alan Baxter wrote:No, when I set a Temporarily Allow, I want it to persist for the rest of the browsing session or until I manually revoke it, especially if I may return to the site later. Having to reset the Temporarily Allow every time I surf back to the site would be a PITA.
It depends on what configuration we're talking about:
If you DO NOT allow the current top-level-domain automatically and you set up "manually" which site to allow temporary, it does makes sense to keep that permission for the rest your browsing session.
but: if you, as I do, DO allow the current top-level-domain automatically, I usually do not need the permissions of the other pages I visited earlier. Best example would be facebook:
I don't have set up a specific facebook-authorization, it gets allowed as long as I'm on facebook. But I don't want to allow the facebook-scripts on any other page and yet they are, because I visited facebook earlier!
Alan Baxter wrote:BTW, I know you didn't say it's a security issue. Good, because it isn't. You should never Allow an untrusted site, even temporarily.
No, of course not!
Re: Timeout of Temporary Permissions
Posted: Tue Apr 19, 2011 1:30 pm
by Alan Baxter
forfrom1337 wrote:
If you DO NOT allow the current top-level-domain automatically and you set up "manually" which site to allow temporary, it does makes sense to keep that permission for the rest your browsing session.
Bingo! I
never allow the top-level-domain automatically. When I visit a site whose server has been hijacked, I don't want scripting to be enabled for any site to which it redirects me, i.e. it's safer to Allow a site only after seeing what site you're allowing.
but: if you, as I do, DO allow the current top-level-domain automatically, I usually do not need the permissions of the other pages I visited earlier. Best example would be facebook:
I don't have set up a specific facebook-authorization, it gets allowed as long as I'm on facebook. But I don't want to allow the facebook-scripts on any other page and yet they are, because I visited facebook earlier!
If I were you, I'd put the NoScript
Revoke Temporary Permissions button on a toolbar and click it when leaving a Facebook.
Or better yet, you can have ABE do the equivalent automatically.
http://noscript.net/faq#qa8_10
Code: Select all
# facebook.com containment rule
# This rule allows Facebook scripts objects and frames to be included only
# from Facebook pages and apps
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net .mafiawars.com .eamobile.com
Deny INCLUSION
Alan Baxter wrote:You should never Allow an untrusted site, even temporarily.
No, of course not!
I think you're effectively doing this by
automatically TAing top-level sites. (Reference the risk of using that option I mentioned earlier.)
Re: Timeout of Temporary Permissions
Posted: Wed Apr 20, 2011 6:34 am
by forfrom1337
you're right... I'll have a look at the automatic permissions!
also thanks for the hint about ABE!! I'never got what that is but it seems very helpfull!
Re: Timeout of Temporary Permissions
Posted: Wed Apr 20, 2011 2:21 pm
by Alan Baxter
You're welcome.
Re: Timeout of Temporary Permissions
Posted: Thu Apr 21, 2011 7:40 am
by forfrom1337
I'm sorry, but I've got to ask again so that i really understand this:
I disabled the automatic permission.
Now I surf on facebook and put facebook on my whitelist BUT i only want to allow facebook when i''m actually on facebook. Is this beeing taken care of by the mentioned ABE-Code???
Re: Timeout of Temporary Permissions
Posted: Thu Apr 21, 2011 10:34 am
by Giorgio Maone
forfrom1337 wrote:
Now I surf on facebook and put facebook on my whitelist BUT i only want to allow facebook when i''m actually on facebook. Is this beeing taken care of by the mentioned ABE-Code???
Yes it is.
Re: Timeout of Temporary Permissions
Posted: Mon May 09, 2011 7:16 am
by forfrom1337
Giorgio Maone wrote:forfrom1337 wrote:
Now I surf on facebook and put facebook on my whitelist BUT i only want to allow facebook when i''m actually on facebook. Is this beeing taken care of by the mentioned ABE-Code???
Yes it is.
I'm sorry, but I've got to ask again:
I assume this ABE-Code is a USER-Rule?
I used it as a SYSTEM-Rule for some time and it worked. But for some reason it won't now, even when I put it "declare" it as a USER-Rule. Facebook scripts remain prohibited.
So my question is: Do I have to permanently allow facebook first?