Ask for password when user increases range of synchronised categories



  • Scenario

    I got computer in my workplace connected via sync with my home PC.
    For example I want to sync only my extensions + Vivaldi settings.

    But in case of anyone else has access to my computer (like domain administrator in company I work for) he could also elevate access level and clone all of my bookmarks / notes from my home PC without knowing vivaldi.net credentials / password. Currently it requires only checking checkbox in settings.

    Idea

    At vivaldi://settings/sync/ after clicking "Apply" when any new checkboxes are selected, Vivaldi should also ask for password.

    I wouldn't like to use master password if it will be implemented.



  • To make this security model work, the server would have to limit the operations a specific client is allowed.

    Since information on Vivaldi sync is not publicly accessible I'm not shure if it

    • reliably identifies client endpoints
    • allows restrictions on operations a client may issue
    • has options to (re)issue/replace client access tokens and/or policy.

    Such requirements could be met with an oauth2 implementation, but I don't know if Vivaldi went down that thorny road.


  • Community Manager

    We could add some UI to enforce that, but since the list of synced datatype can be changed by editing the prefs file on disk, that wouldn't help much.



  • @gaelle Yes, I am aware that it requires "backend" changes to make it real security improvement...

    0_1534925710071_45aefc44-4b55-4581-87f3-ec2a892fad44-image.png


 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.