This thread has been archived. Please ask a new question if you need help.
We have a serious issue with sensitive data. How can I completely disable the sessionrestore.js file on network computers without doing it manually on each machine?
Currently our organization uses the Firefox browser as the default browser. PCI auditors found sensitive data stored in our machines' System Volume Information folder. That folder contains sessionrestore.js backup files, which are stored by the Windows backup process each and every day. So now we need to disable the sessionrestore.js file on each and every machine. Also, we cannot manually set the never remember history option on each and every machine in the network. So is there any solution?
Edit put space after period at end of sentences as it was creating links.
Modified by James
All Replies (11)
Portable version of FF could solve this issue by personalizing Data\Profile directory for each user. "Data" directory can be placed on secured store (with disabled archiving and indexing by Windows) and configured to use by FF through link-files (lnk).
"... which stored as windows backup process each and every day." Exclude those files from the Windows backup process?
What data in the sessionstore.js file in particular is the problem?
You can set the browser.sessionstore.privacy_level pref to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore in the sessionstore.js file. The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.
>Exclude those files from the Windows backup process?
For example to manage every individual user profile data ("Data" directory) as one thing place each into one directory, i.e. "User Data".
(1) Exclude those files from indexing, i.e. "User Data" directory. Set additional directory attribute "Allow indexing..." of "User Data" with inheritance to all nested directories and files. Also exclude "User Data" directory from the Windows Indexing Service and/or Windows Search Engine and other search engines, e.g. Google Desktop Search. Check after reindexing "System Volume Information" directory (here is how to get access to it).
(2) If the auditor allows keeping sensitive user data in the secured backups, include "User Data" directory into backup process as desired. If the auditor disallows it, then exclude "User Data" from the backup process: e.g. if you are using Windows Archiving Service include "User Data" into the "Files exclusion" list.
(3) Also look at System Volume Information
Sorry you're having that problem, but this forum isn't intended for providing support for "organizations" - it's for end user support. Not saying that we don't want to help you, but your organization isn't using Firefox in a manner that we are familiar with, and not "as supplied by Mozilla".
You answered my obvious solution, to just not include that file in the backup routine. But you didn't respond to what cor-el posted.
What about changing browser.sessionstore.privacy_level as suggested?
How about disabling the sessionstore feature altogether? Your users may not be happy, but that should eliminate your auditor's concerns. http://kb.mozillazine.org/Browser.sessionstore.enabled
Again not really the subjects we discuss here but Firefox deployments can make changes to all of your machines.
- possibly utilising CCK https://addons.mozilla.org/firefox/addon/cck/
You possibly should also consider using Firefox ESR and seeking advice in their mailing list
.ini and .js files are among the file types that are stored in the System Volume folder as part of an (automatic) System Restore point and there is probably not much that can be done to prevent this. If Session Restore is disabled altogether then it is also not possible to undo closed tabs and windows or restart Firefox when necessary.
Thank you so much for your suggestions. Setting the browser.sessionstore.privacy_level to 2 really worked for me. Also I can set the never remember history option too. But the problem is I have to configure it on each and every machine manually.
Recreation process: I have found the following article regarding this matter. Reference: http://ceriksen.com/2012/07/26/firefox-sessionstore-js-and-privacy So anyone can generate this bug by following this methodology.
Modified by sampath_sl
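A check for the setting discussed above, as an added example that is not part of the original thread: it reads the text of a Firefox pref file and reports whether the two `browser.sessionstore.privacy_level*` prefs named earlier are set to 2. It assumes the files use the standard `user_pref(...)` syntax of prefs.js/user.js or the `lockPref(...)` syntax of an AutoConfig file; the function names and sample contents are constructed for illustration.

```python
import re

# Prefs named in the thread; 2 means "never" according to the reply above.
REQUIRED = {
    "browser.sessionstore.privacy_level": 2,
    "browser.sessionstore.privacy_level_deferred": 2,
}

# user_pref(...) lines from prefs.js/user.js, or pref/defaultPref/lockPref
# lines from an AutoConfig file. Commented-out lines do not match.
PREF_LINE = re.compile(
    r'^\s*(user_pref|pref|defaultPref|lockPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;'
)

def parse_prefs(text):
    """Return {pref_name: (setter, raw_value)}; a later line replaces an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            setter, name, raw = m.groups()
            prefs[name] = (setter, raw)
    return prefs

def audit(text, require_lock=False):
    """Return findings for one pref file; an empty list means it passes."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in REQUIRED.items():
        if name not in prefs:
            findings.append(f"{name}: not set")
            continue
        setter, raw = prefs[name]
        if raw != str(want):
            findings.append(f"{name}: is {raw}, want {want}")
        elif require_lock and setter != "lockPref":
            findings.append(f"{name}: set by {setter}, not locked")
    return findings

# Constructed samples, not taken from any real machine.
SAMPLE_PREFS_JS = """\
user_pref("browser.sessionstore.privacy_level", 1);
// user_pref("browser.sessionstore.privacy_level_deferred", 2);
"""
SAMPLE_LOCKED_CFG = """\
// first line of an AutoConfig file is a comment
lockPref("browser.sessionstore.privacy_level", 2);
lockPref("browser.sessionstore.privacy_level_deferred", 2);
"""

if __name__ == "__main__":
    for label, sample in (("prefs.js", SAMPLE_PREFS_JS), ("locked cfg", SAMPLE_LOCKED_CFG)):
        print(label, audit(sample, require_lock=True) or "OK")
```

Passing `require_lock=True` also flags a correct value that was set with `user_pref`, which a user can change back from about:config.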
After reading this - http://ceriksen.com/2012/07/26/firefox-sessionstore-js-and-privacy/ - that does seem to be a large security issue, assuming that the Private information in the file mentioned at the end of that article is still valid - article is dated July 26, 2012.
Credit Card number, and Address, along with the First and Last Names are in there.
I don't have session restore (or history) activated in the only Profile that I use for banking or online purchases, so I can't test it myself.
Thank you so much for your suggestions. The latest version of Firefox has this issue too. So someone can steal this kind of information using a malicious program.
Also I have checked the browser.sessionstore.max_tabs_undo and browser.sessionstore.resume_from_crash options. They didn't work out for me.
Modified by sampath_sl
I thought the purpose of this thread was about the sessionstore.js file being backed up and your auditor finding fault with that happening?
And now you're gonna "cry wolf" over the remote possibility of a malicious program stealing data?
Too much of a stretch for my tastes, "color me gone".