Closed
Bug 418321
Opened 17 years ago
Closed 13 years ago
Components do not expose disk interfaces
Categories
(Firefox :: General, enhancement, P3)
Firefox
General
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
blocking2.0 | --- | - |
People
(Reporter: mikeperry.unused, Unassigned)
Details
(Keywords: privacy)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 It was requested at my Mozilla brown bag talk that I provide a list of interfaces that could be improved to make the browser more flexible about writing state to disk. One of the major issues I ran into was that the file output stream was being referred to by CID instead of contract ID in nsUtils, but that seems to be fixed in Firefox 3. However, I am aware of three additional components that do not have preferences or interfaces suitable to prevent their disk access: @mozilla.org/browser/sessionstore;1 http://www.xulplanet.com/references/xpcomref/comps/c_browsersessionstore1.html The sessionstore has a number of methods to govern attaching additional information to nodes, but no writeToDisk hook that can be reimplemented to preserve the "Undo Close Tab" feature, but prevent browser session from touching disk (or to write it to an alternate location, or encrypt it, etc). @mozilla.org/dom/storage;1 - http://www.xulplanet.com/references/xpcomref/comps/c_domstorage1.html According to http://developer.mozilla.org/en/docs/DOM:Storage, it seems that DOM storage is eventually supposed to persist on disk in the event of crashes, yet there are no prefs nor interfaces to govern this. This is probably due to Bug 339445. @mozilla.org/cookiemanager;1 http://xulplanet.com/references/xpcomref/comps/c_cookiemanager1.html It is possible to disable writing of cookies by demoting the cookie manager's lifetime policy to transform everything into session cookies, however this prevents the implementation of "memory-only" cookie jars, or encrypted cookie jars that the user can toggle between without writing them to disk. It may still be possible to do this (with a lot more complicated code) with session cookies and hooking the add method, so perhaps this is a minor concern. I will add more to this bug as I come across it. The formfill interfaces probably need to be added here, but I have not investigated them in detail yet, since Torbutton just disables formfill and password saving in Tor mode by default for now. Reproducible: Always
Reporter | ||
Updated•17 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 1•16 years ago
|
||
Hmm, we've done stuff since this for private browsing, though I think that's just implied by private browsing, and not exposed to external callers for non-PB modes
Priority: -- → P3
Target Milestone: --- → Future
Updated•14 years ago
|
Flags: blocking1.9.0.19?
Updated•14 years ago
|
blocking1.9.1: --- → ?
blocking1.9.2: --- → ?
blocking2.0: --- → ?
OS: Windows XP → All
Hardware: x86 → All
Target Milestone: Future → Firefox 3.7
Updated•14 years ago
|
Flags: blocking1.9.0.19?
Target Milestone: Firefox 3.7 → ---
Updated•14 years ago
|
blocking1.9.1: ? → ---
blocking1.9.2: ? → ---
blocking2.0: ? → -
Comment 2•14 years ago
|
||
@benjamin@smedbergs.us: Earlier the Target Milestone was listed as Firefox 3.7. See History over here: https://bugzilla.mozilla.org/show_activity.cgi?id=418321 I changed removed Target Milestone and changed it to Blocking 3.6.4; as 3.7 is now renamed 3.6.4.
Comment 3•13 years ago
|
||
The Tor Project / Electronic Frontier Foundation is paying to have this bug fixed. "If you know C++ and/or Firefox internals, we should be able to pay you for your time to address these issues and shepherd the relevant patches through Mozilla's review process." Source: https://blog.torproject.org/blog/web-developers-and-firefox-hackers-help-us-firefox-4
Reporter | ||
Comment 4•13 years ago
|
||
Actually this is mostly solved due to the private browsing work. DOM storage is the exception (it would be nice to have a way to make it memory-only), but we should file a separate bug for that.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•