Forum Discussion
Option to safely yet simply add exceptions for java, flash and self signed certs?
- Sep 19, 2019
Oh it's alright, I don't use Firefox much but I know the universal and correct way to trust any Certificate Authority, including the self-signed certificate, is this way:
- In Windows RUN, enter "certlm.msc" (with Admin rights)
- navigate to the Trusted Root Certificate Authorities store (should be the 2nd from top)
- right-click anywhere and select import then browse for your self-signed certificate CA.
To get this certificate you need to go to the computer/server where you generated the self-signed certificate, go to its Trusted Root Certificate Authorities store and export it. Now, when exporting, you should first decide if it's going to be used on a server or client. If it's a server then export with private key; if it's a client, don't export with private key.
You're right, almost all companies and developers that provide support for their clients have/will have provided the update for Flash removal by that time.
There are some 3rd party emulators for Flash, but since it won't be getting any more security updates from Adobe, the security risk is fairly high.
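The client-side import described in the post above, scripted in PowerShell as an added example that is not part of the original thread. The file path and thumbprint are placeholders, and the checks before the import (no private key in the file, thumbprint matches the one read on the source machine, certificate currently valid) are additions that go beyond the steps the post lists.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Path and thumbprint are placeholders.
param(
    [string]$CerPath            = 'C:\Temp\device-ca.cer',
    [string]$ExpectedThumbprint = '<THUMBPRINT-READ-ON-SOURCE-MACHINE>'
)

# On the machine that generated the certificate, a public-only export for
# clients looks like this (Export-PfxCertificate is the variant that
# includes the private key, for the server case):
#   $src = Get-ChildItem Cert:\LocalMachine\Root |
#          Where-Object Thumbprint -eq '<THUMBPRINT>'
#   Export-Certificate -Cert $src -FilePath C:\Temp\device-ca.cer -Type CERT

# Load the file into memory only; no store is modified yet.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)

# 1. A trust anchor copied to a client must not carry the private key.
if ($cert.HasPrivateKey) {
    throw "File '$CerPath' contains a private key; re-export without it."
}

# 2. Compare against the thumbprint obtained out-of-band from the source.
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected."
}

# 3. Refuse certificates that are expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 4. Nothing to do if this exact certificate is already trusted.
$store = 'Cert:\LocalMachine\Root'
if (Get-ChildItem $store | Where-Object Thumbprint -eq $cert.Thumbprint) {
    Write-Output "Already present in ${store}: $($cert.Subject)"
    return
}

# 5. Import into the machine-wide root store and show what was added.
Import-Certificate -FilePath $CerPath -CertStoreLocation $store |
    Format-List Subject, Issuer, Thumbprint, NotAfter
```

To undo the trust later, delete the entry with `Remove-Item Cert:\LocalMachine\Root\<THUMBPRINT>` from an elevated session.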
Thank you for expanding on that for me. TBH I don't know much about the inner workings of how browsers interact with the OS and other add ins.
Please correct me where I'm wrong, but didn't Firefox provide a really simple way to add the cert or site to trusted list of the computer right from the "Site not safe" warning dialog?
Let's say the site doesn't load due to a self-signed or old cert, then I could click on the lock icon, get the information and a place that says something to the effect of "advanced" or "developer" where I could choose to allow that cert from the site or maybe anything from that site, because I know it's a little web enabled device serving up a simple web console or interactive site. Add a warning that says, "Don't do this unless you trust the site; you are making your computer vulnerable to attacks and your antivirus won't be able to help you."
I understand why people are moving away from Flash, but not supporting it at all seems a little brash. On the bright side I cannot think of many embedded systems with Flash code that don't have firmware updates available.
There is an emulator that is being created, because games run better on Flash than other codes. I threw the idea out there of it being supported and was surprised to see the negative views of Flash in general. I agree with you that it shouldn't be thrown out completely, because there are some things on the web that will be lost, and an emulator that is easy on the battery, has a sandbox for security, and quickly loads seems like a solution.
- bnemec, Sep 20, 2019, Brass Contributor
As I read the way you phrased it, I thought about how my stance on work site safety applies to internet safety. It seems over the years OSHA has moved to enforce policies that attempt to remove all risks from the work site (which is inherently impossible) and spend less time focusing on teaching workers how to identify risks while working and address them based on severity and probability. That identification and mitigation has been removed from the work site and placed on the desk of a foreman or, even worse, someone hired to do nothing other than handle safety efforts. This trend has more or less implied that the common worker is not capable of being trained to identify risks themselves, but someone in an office somewhere else that has likely never run the equipment and tools should do that for them.
What's my rambling point? Padded rooms reek of ignorance.
I'm not saying all people that browse the web should be able to identify malicious lines of code hidden in web pages. I fear the trend is to the opposite extreme of removing functionality in the name of safety at all costs. I know there is a lot of work being done to keep high performance AND maintain a safe browsing environment; nevertheless, compromises are being made. Developers have the technology and know-how to produce a safe browsing environment; it is not their responsibility to force that environment on users. The end user must be held responsible for their browsing security; the software should just provide that ability, not enforce it.
Just my opinion, sorry for getting wordy.