Firefox Addon Storage Security

views:

answers:

Firefox Addon Storage Security

I was reading the Mozilla Doc about Firefox Addon Storage and it says:

Storage is a SQLite database API. It is available to trusted callers, meaning extensions and Firefox components only.

Well, it says its available to firefox only, but I managed to acess my Echofon storage by using a simple SQLite Manager for Linux. I found the .sqlite at:

/home/user/.mozilla/firefox/pmk9mj59.default/twitterfox_1.9.sqlite

The question is: how to protect my .sqlite storage in order to have it safe from external resources.

Anything on your local computer can access files with the right permissions on your local computer. The Mozilla document is talking about stuff running inside the browser (e.g. web content cannot access the database).

sdwilsh 2010-07-20 14:23:32

Got it. I understand it now. Thanks for your answer.

Guilherme Oenning 2010-07-20 14:49:12

I think what Mozilla means is that it can only be accessed by privileged JavaScript (i.e. JavaScript running in Firefox chrome, either Extensions or Firefox itself) and not by unprivileged JavaScript in web pages (from inside the browser).

If you are worried about someone getting the file directly via the OS, then there is little Firefox can do to help you. If this is the threat you are trying to protect against you should make sure the computer is properly configured (remove unnecessary services, limit access, etc), you use strong passwords and that access to the file is limited only to your user at the file system level.

fms 2010-07-20 14:27:00

I'll try to remove critical data from local storage. Thanks for your answer.

Guilherme Oenning 2010-07-20 14:51:05

ansaurus

tags:

views:

answers:

Firefox Addon Storage Security

related questions