Closed Bug 174522 Opened 22 years ago Closed 11 years ago

"registry.dat" should be plain text like "pluginreg.dat"

Categories

(Core Graveyard :: Profile: BackEnd, defect)

Product:
Core Graveyard
Component:
Profile: BackEnd
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE
Milestone:
mozilla1.5alpha

People

(Reporter: bugzilla, Assigned: ccarlen)

References

Details

Attachments

(1 file)

prelim DTD and sample of XML registry
1.49 KB, text/plain
Details 
I see a lot of people having problems with their profiles. Having 
the "registry.dat" in plaintext like "pluginreg.dat" could help some of the 
problems.

More important it could also help external programs parse the profile data. 
The company I work for currently have dropped support for Mozilla since it's 
almost impossible to located the profile data for by parsing the regitry.dat
I completely agree. Though instead of being some custom format text file, it
should be XML. I've already started on the DTD for it.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.3alpha
Cool! Way to go! Looking forward to this!
What about the dependencies with older versions like Mozilla 1.0, Netscape 6.x,
and 7.0, which use the same (binary) file?
There could be a one time convert function, that converted the .dat file to a
.xml file. Perhaps this could be put together with the fact that Netscape and
Mozilla should be using different profiles.
The new file should just be called "profiles.xml"
Need to fix bug 175919 along with this.
Blocks: 175919
Blocks: 151000
Removing duped dependency.
No longer blocks: 175919
Mass move of 1.3a bugs -> 1.4a.
Target Milestone: mozilla1.3alpha → mozilla1.4alpha
Sorry if stupid question, but doesn't this negate purpose of salt directory?
Balancing workload :-/
Target Milestone: mozilla1.4alpha → mozilla1.5alpha
Blocks: 157662
Peter: no, why should it ? 
Well, the the registry.dat file is in a "known" location (unsalted). If it were
plain text and its contents referred to the salted directory, it could be easily
read and the "hacker" could find anything within the salted directory. Thus, the
salted directory would be useless. I thought the salted directory was that
hackers (viruses) couldn't easily find the profile data. With the registry
showing the "way" to the profile data, it woud be "easy" to find ones way into
the salted directory. No?
  Since the registry file would have to be parsed in order to read a profile
location from it, having it in a binary format doesn't make it safe from attack,
just slightly harder.
  But, anyway, if an attacker has the ability to open and parse a text file on
your drive, that attacker could just as easily delete your hard drive, salt or not.

ccarlen, could you attach the preliminary DTD file ? I'd like to have a look :)
Sure - here's the initial format I did. If it looks familiar, it is. It's based
on CodeWarrior XML projects.
Is it possible for an attacker to somehow insert javascript into the registry
file, which could then be executed by giving the user a link to the registry
file itself? 

Why does javascript loaded from a file have more permissions anyway?
Conrad, whats the status on your work?

I'm already drooling in anticipation of this fix. :)

ps: Until your fix gets merged, is there a standalone editor to edit registry.dat?
pps: Does the current registry.dat already support relative paths? 
> Until your fix gets merged, is there a standalone editor to edit registry.dat?
try this: http://www.alain.knaff.lu/howto/MozillaCustomization/
Blocks: 233162
The target milestone as a bit off :)
The target milestone is a bit off :)
Is there a way to change the location of registry.dat in Windows?
I've found that Firefox 0.9 and Thunderbird 0.7 uses "profile.ini", text base
profile index file, instead of "registry.dat".
Why "profile.ini" is still not implemented for Mozilla Suite?
QA Contact: ktrina → profile-manager-backend
File is no more.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: