Author Topic: New Ideas for Comodo Dragon  (Read 270304 times)

Offline Sal Amander

  • Comodo's Hero
  • *****
  • Posts: 742
Re: New Ideas for Comodo Dragon
« Reply #30 on: March 07, 2010, 06:03:53 PM »
I want to be able to make settings per domain. On some websites I like to block cookies on others I don't. Same thing with ads, javascript or flash.

These settings are present in Chromium 5.  ;) Dragon should have them before the end of the year.

Offline x2x3i5x

  • Newbie
  • *
  • Posts: 6
Re: New Ideas for Comodo Dragon
« Reply #31 on: March 08, 2010, 08:31:58 PM »
an adblocker like the one firefox has and also a feature to auto do the clear browser settings options upon exiting CD browser?

Offline Sal Amander

  • Comodo's Hero
  • *****
  • Posts: 742
Re: New Ideas for Comodo Dragon
« Reply #32 on: March 08, 2010, 09:28:23 PM »
an adblocker like the one firefox has and also a feature to auto do the clear browser settings options upon exiting CD browser?

Firefox presently doesn't have an Adblocker built into it. AdBlockPlus is only available as an Add-On/Extension, which in the near future Dragon will have too. Just need to wait on the ABP people and the Chromium community to implement this.

Why clear browser settings on exit? Why not just use incognito mode of Dragon/Chrome?


Offline x2x3i5x

  • Newbie
  • *
  • Posts: 6
Re: New Ideas for Comodo Dragon
« Reply #33 on: March 08, 2010, 09:57:44 PM »
Firefox presently doesn't have an Adblocker built into it. AdBlockPlus is only available as an Add-On/Extension, which in the near future Dragon will have too. Just need to wait on the ABP people and the Chromium community to implement this.

Why clear browser settings on exit? Why not just use incognito mode of Dragon/Chrome?



No reason, but see ChromePlus features.

Offline SS26

  • Comodo's Hero
  • *****
  • Posts: 1925
Re: New Ideas for Comodo Dragon
« Reply #34 on: March 09, 2010, 02:27:07 PM »
Maybe it was already said before....anyway.
Make CD compatible with Ff addons.  The main strength of FF are addons.  Many keep FF only because of its addons which provide every possible and impossible functionality. 


Another useful feature of FF (which may make CD more valuable unless this is already implemented) is ability to keep multiple profiles with different settings/bookmarks/addons on one user account:
Code: [Select]
"C:\Program Files\Mozilla Firefox\firefox.exe" -no-remote -p profilename

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2095
Re: New Ideas for Comodo Dragon
« Reply #35 on: March 09, 2010, 02:36:00 PM »
Quote
Maybe it was already said before....anyway.
Make CD compatible with Ff addons.  The main strength of FF are addons.  Many keep FF only because of its addons which provide every possible and impossible functionality.


Another useful feature of FF (which may make CD more valuable unless this is already implemented) is ability to keep multiple profiles with different settings/bookmarks/addons on one user account:

+1
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline Sal Amander

  • Comodo's Hero
  • *****
  • Posts: 742
Re: New Ideas for Comodo Dragon
« Reply #36 on: March 09, 2010, 02:47:06 PM »
Maybe it was already said before....anyway.
Make CD compatible with Ff addons.  The main strength of FF are addons.  Many keep FF only because of its addons which provide every possible and impossible functionality. 

It's pointless to do this. There's so many technological road blocks that it's impractical to do considering each browser interfaces differently.(Firefox & Dragon)


Quote
Another useful feature of FF (which may make CD more valuable unless this is already implemented) is ability to keep multiple profiles with different settings/bookmarks/addons on one user account:
Code: [Select]
"C:\Program Files\Mozilla Firefox\firefox.exe" -no-remote -p profilename

How many people actually use this functionality? It seems kind of pointless for the most part. Only real use I could see is having multiple users on the same OS Login. (IE for children or grandparents)


Offline Graham1

  • Comodo's Hero
  • *****
  • Posts: 1884
Re: New Ideas for Comodo Dragon
« Reply #37 on: March 09, 2010, 03:51:45 PM »
Regarding add-ons, I think Comodo should develop their own (making CD more secure) but also allow the community to create their own.

:)
Ubuntu 18.04 LTS | Chromium | uBlock Origin | Privacy Badger | HTTPS Everywhere
https://www.thevenusproject.com | Beyond Politics Poverty and War

Offline Watasha

  • Comodo's Hero
  • *****
  • Posts: 820
Re: New Ideas for Comodo Dragon
« Reply #38 on: March 09, 2010, 04:20:44 PM »
Hey, how 'bout this; everyone who wants to use FF....use FF. :o Why does everyone want to make every browser FF? Dragon is based on Chromium, not Mozilla. Mozilla has made FF into a bloated resource hog and now they (users) seem to wanna do it to all of the other browsers. 88) I know this sounds crazy but bear with me: How about let's make Dragon.....different! :D
Resident: Comodo CIS
AVG Linkscanner

On Demand: MBAM & SAS
Hitman Pro

2010 National Champion Auburn Tigers!!!
WAR EAGLE!

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: New Ideas for Comodo Dragon
« Reply #39 on: March 09, 2010, 04:22:03 PM »
Another useful feature of FF (which may make CD more valuable unless this is already implemented) is ability to keep multiple profiles with different settings/bookmarks/addons on one user account:
Code: [Select]
"C:\Program Files\Mozilla Firefox\firefox.exe" -no-remote -p profilename

It looks like ATM it is possible to achieve this using shortcuts

Code: [Select]
"C:\Program Files\COMODO\Dragon\dragon.exe"  -user-data-dir="%userprofile%\user1"
Alternate profile folder is created automatically if the user has the necessary rights.
I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: New Ideas for Comodo Dragon
« Reply #40 on: March 09, 2010, 04:58:49 PM »
These settings are present in Chromium 5.  ;) Dragon should have them before the end of the year.

Chromium 5 UI design for these settings suffers from serious drawbacks:

  • Difficult to remove all existing cookies without deleting extensions local storage
  • No way to manage per site/url preferences (cookies, popups javascript) using a single dialog
  • No webpage right-click shortcut to access per-site preferences

Is there any plan to overcome those shortcomings in Dragon?

Perhaps implementing something like this:






« Last Edit: March 09, 2010, 05:03:52 PM by Endymion »
I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: New Ideas for Comodo Dragon
« Reply #41 on: March 09, 2010, 05:29:49 PM »
About secure password handling...

Chromium 1.0 failed many tests meant to evaluate the security of inbuilt password management features.

Those tests by Chapin Information Services are not available anymore but there is still a description on newsgropus.

Though not unlikely, it is unclear whenever Chromium improved its implementation.

Will the the following scenarios be tested on Dragon and the tests publicly released (like CLT)?


Image from http://www.p2pnet.net/story/17871

Action Authority Checked on Retrieval

To pass this test, the PM must never deliver a password to a domain other than the
one to which the password was delivered when it was saved. For example, if a password
is saved on a self-referring form, and then automatically filled in another form that
points to a different website, then the PM has failed this test.

Action Authority Checked on Save

To pass this test, the PM must never overwrite the destination domain name of a
password without explicit user interaction. For example, if a password is first saved
on a self-referring form, and then re-saved on a form that points to a different
website, and the PM prevents the password from being filled on the original form,
then the PM has failed this test. Note the implicit requirement that a PM must
distinguish authorities on retrieval.

Action Authority Raises Warnings

To pass this test, the PM must warn the user if the action authority does not match
the page authority. For example, if a login form at www.info-svc.com:80 points to
google.com or to www.info-svc.com:81, and the PM allows a user to save or submit a
password using this form without notice, then the PM has failed this test.

Action Path Checked on Retrieval

To pass this test, the PM must never deliver a password to a path other than the one
to which the password was delivered when it was saved. For example, if a password is
saved on a self-referring form, and then automatically filled in another form that
points to a different parent directory, then the PM has failed this test.

Action Path Checked on Save

To pass this test, the PM must never overwrite the destination path of a password
without explicit user interaction. For example, if a password is first saved on a
self-referring form, and then re-saved on a form that points to a parent directory,
and the PM prevents the password from being filled on the original form, then the PM
has failed this test. Note the implicit requirement that a PM must distinguish paths
on retrieval.

Action Scheme Checked on Retrieval

To pass this test, the PM must never deliver a password using a protocol other than
the one by which the password was delivered when it was saved. For example, if a
password is saved on a self-referring web page, and then automatically filled in
another form that uses e-mail to deliver the password, then the PM has failed this test.

Action Scheme Checked on Save

To pass this test, the PM must never overwrite the destination scheme of a password
without explicit user interaction. For example, if a password is first saved on an
http: form, and then re-saved on a form that uses https: or mailto: and the PM
prevents the password from being filled on the original form, then the PM has failed
this test. Note the implicit requirement that a PM must distinguish schemes on retrieval.

Action Scheme Raises Warnings

To pass this test, the PM must warn the user if the action scheme is potentially
unsafe or does not match the page scheme. For example, if a login form uses an e-mail
application that will display the password on screen, and the PM allows the user to
save or submit a password using this form without notice, then the PM has failed this
test.

Action Scheme Prevented if Unsafe

To pass this test, the PM must successfully abort a password delivery if requested by
the user.

Autocomplete=Off Prevents Form Fills

To pass this test, the PM must never deliver a password when the autocomplete
attribute is present and set to "off".

Invisiblility Prevents Form Fills

To pass this test, the PM must never deliver a password using a form that is not
visible. For example, if a login form is present on a web page but has its display
property set to none, and the PM automatically fills the form allowing the password
to be transmitted despite being invisible, then the PM has failed this test.

Method Checked on Retrieval

To pass this test, the PM must never deliver a password using an HTTP method other
than the one by which the password was delivered when it was saved. For example, if a
password is saved on a form that uses POST, and then automatically filled in another
form that uses GET to deliver the password, then the PM has failed this test.

Method Raises Warnings

To pass this test, the PM must warn the user if the password submission method is
potentially unsafe. For example, if a login form uses GET, which causes the password
to be added to the address bar, and the PM allows the user to save or submit a
password using this form without notice, then the PM has failed this test.

Multiple Paths per User per Authority

To pass this test, the PM must allow a user to save different passwords in different
paths of a single domain using the same user name. Note the implicit requirement that
a PM must distinguish paths in both the action URI and page URI.

Multiple Ports per User per Authority

To pass this test, the PM must allow a user to save different passwords using
different ports on a single domain using the same user name. Note the implicit
requirement that a PM must distinguish ports in both the action URI and page URI.

Multiple Schemes per User per Authority

To pass this test, the PM must allow a user to save different passwords using
different schemes on a single domain using the same user name. Note the implicit
requirement that a PM must distinguish schemes in both the action URI and page URI.

Page Path Checked on Retrieval

To pass this test, the PM must never deliver a password to a path other than the one
at which the password was requested when it was saved. For example, if a password is
saved on a self-referring form, and then automatically filled in another form that
points to the same path but is located in the parent directory, then the PM has
failed this test.

Random Name Attribute Prevents Form Fills

To pass this test, the PM must never fill a password in a form field whose name
attribute does not match the name of the field that was used to save the password.

User Required for Password Retrieval

To pass this test, the PM must never fill a password without explicit user interaction.

User Required for Password Save

To pass this test, the PM must never save or overwrite a password without explicit
user interaction. For example, if a password is saved with a username, and then the
same form is re-submitted with the same username and a different password, and the PM
then fills the new password into forms instead of the original password, then the PM
has failed this test.


Valid URIs Don't Break Anything

To pass this test, the PM must never submit a password to the wrong URI or fail to
submit a password to a valid URI as a result of erroneous action attribute parsing.
For example, if the action attribute value is "mailto:localpart[at]www.info-svc.com" and
the PM delivers a password to "http://www.info-svc.com/mailto:localpart[at]www.info-svc.com"
then the PM has failed this test.
"
« Last Edit: March 09, 2010, 05:39:09 PM by Endymion »
I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline SS26

  • Comodo's Hero
  • *****
  • Posts: 1925
Re: New Ideas for Comodo Dragon
« Reply #42 on: March 10, 2010, 04:04:05 AM »
It's pointless...
...It seems kind of pointless...
Understood.  No more questions left.

Last attempt -- implement in CD similar functionality, which provide these FF addons: NoSquint, Flashblock, BetterPrivacy.



Thanks, i will try this if i will install CD once again.
« Last Edit: March 11, 2010, 11:35:41 AM by SS26 »

Offline JoWa

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5481
  • I believe in doubt.
    • Evolutionary history of life
Re: New Ideas for Comodo Dragon
« Reply #43 on: March 10, 2010, 05:07:32 AM »
BankID looks to be nothing more than a Client Certificate. (Although, I can't tell) Nothing needs to be built into the browser. Support for BankID would have to come from BankID. They need to ensure their product works with Chrome. I can tell you this, we at Comodo have a similar product called "Comodo Two Factor". We didn't have support for Chrome in our early version of this product, but now we do.
I use Net iD client from SecMaker AB. I asked them when Chromium will be supported. Here is the reply:
Quote
Vi kommer stödja Chrome när de har fullständigt certifikat stöd som Firefox har.
In English (my translation):
We will support Chrome when they have full certificate support as Firefox has.
 ???
Ubuntu 18.04 | Chrome 69β | HTTPS Everywhere | Privacy Badger
Forum Policy | Comodo Product Help

Offline Sal Amander

  • Comodo's Hero
  • *****
  • Posts: 742
Re: New Ideas for Comodo Dragon
« Reply #44 on: March 10, 2010, 10:18:11 AM »
Understood.  No more questions left.

If you can provide valid points to your wish to include those features then by all means do so in the Wishlist boards. That way we (Comodo) can gauge if there's high demand for these features.  ;)



 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek