I was reading the Mozilla Doc about Firefox Addon Storage and it says:
Storage is a SQLite database API. It is available to trusted callers, meaning extensions and Firefox components only.
Well, it says its available to firefox only, but I managed to acess my Echofon storage by using a simple SQLite Manager for Linux. I found the .sqlite at:
/home/user/.mozilla/firefox/pmk9mj59.defa开发者_StackOverflow中文版ult/twitterfox_1.9.sqlite
The question is: how to protect my .sqlite storage in order to have it safe from external resources.
Anything on your local computer can access files with the right permissions on your local computer. The Mozilla document is talking about stuff running inside the browser (e.g. web content cannot access the database).
I think what Mozilla means is that it can only be accessed by privileged JavaScript (i.e. JavaScript running in Firefox chrome, either Extensions or Firefox itself) and not by unprivileged JavaScript in web pages (from inside the browser).
If you are worried about someone getting the file directly via the OS, then there is little Firefox can do to help you. If this is the threat you are trying to protect against you should make sure the computer is properly configured (remove unnecessary services, limit access, etc), you use strong passwords and that access to the file is limited only to your user at the file system level.
精彩评论