Ask for password when user increases range of synchronised categories
ROTFL last edited by ROTFL
I got computer in my workplace connected via sync with my home PC.
For example I want to sync only my extensions + Vivaldi settings.
But in case of anyone else has access to my computer (like domain administrator in company I work for) he could also elevate access level and clone all of my bookmarks / notes from my home PC without knowing vivaldi.net credentials / password. Currently it requires only checking checkbox in settings.
vivaldi://settings/sync/after clicking "Apply" when any new checkboxes are selected, Vivaldi should also ask for password.
I wouldn't like to use master password if it will be implemented.
becm last edited by becm
To make this security model work, the server would have to limit the operations a specific client is allowed.
Since information on Vivaldi sync is not publicly accessible I'm not shure if it
- reliably identifies client endpoints
- allows restrictions on operations a client may issue
- has options to (re)issue/replace client access tokens and/or policy.
Such requirements could be met with an
oauth2implementation, but I don't know if Vivaldi went down that thorny road.
We could add some UI to enforce that, but since the list of synced datatype can be changed by editing the prefs file on disk, that wouldn't help much.
ROTFL last edited by
@gaelle Yes, I am aware that it requires "backend" changes to make it real security improvement...