Merge 52149414ab
into 0e769e1426
This commit is contained in:
commit
da593f5972
|
@ -722,6 +722,32 @@ if you use sandboxes or virtualization-based isolation around your browser,
|
|||
you may have to work extra hard to enable USB pass-through from the
|
||||
application to your USB token.
|
||||
|
||||
#### 4: Separate Firefox profiles for each security context
|
||||
|
||||
This is an alternative to the two-browser scenario which only requires
|
||||
Firefox and allows any number of environments (work, testing web
|
||||
applications, webmail and social networks, random browsing, etc.)
|
||||
|
||||
Each Firefox profile will have a completely independent configuration,
|
||||
including history, cookies, cache, add-ons, network, and privacy and
|
||||
security settings, and they can run simultaneously in separate processes. No
|
||||
browser data will be shared among the profiles and the process isolation
|
||||
will provide an extra barrier against compromises.
|
||||
|
||||
Notice that data saved by binary plugins (e.g. Adobe Flash) will still be
|
||||
shared among the several profiles (and also across any other browser using
|
||||
them). It is recommended to disable the plugins in the most sensitive
|
||||
profiles and set them as click-to-run in the others. It is also recommended
|
||||
to prevent Flash from saving local data by making its data directory read
|
||||
only.
|
||||
|
||||
To create a new profile, you should call Firefox passing the option
|
||||
`--ProfileManager` and to open the profile selector once another instance is
|
||||
already running, call it with the option `--new-instance`. From a usability
|
||||
perspective, it is recommended to set each profile to a different theme or
|
||||
color scheme, minimizing the risk of confusion when alternating among them.
|
||||
|
||||
|
||||
### Password managers
|
||||
|
||||
#### Checklist
|
||||
|
|
Loading…
Reference in a new issue