>
> For non-Jetpack extensions, places like #extdev have been explicitly telling
> people to avoid prefs for larger scale storage, because prefs are always

ohh! Makes sense!

> completely loaded on startup (so things like a table for a site-specific
> extension wouldn't make sense.  localStorage would work, but then again the
> extensions could already access the sqlite storage
> (https://developer.mozilla.org/en/Storage) stuff anyway.

The SQLite stuff uses nsIFile. The problem is that nsIFile allows
arbitrary access to any file, which is not good. I don't want every
extension I install to have the power to delete all my documents. You
ideally want to limit the privileges of an extension to the minimum
(Principle of Least Privilege).

To me, it looks like (and I might be wrong here), there are two
obvious/simple ways to do it:
   * Limit nsIFile to only write to files in a particular directory
(say specific to each extension).
   * Make extension writers use stuff like localStorage and
disallow/discourage use of nsIFile.
(is there any other option I have missed?)

(There are of course extensions that might require arbitrary file
access, but for them AMO could require intensive review.)
I am a fan of option 1.

Mook: As an extension developer, what problems do you see with either
of the two options? I am really interested in your viewpoint.

Cheers
Devdatta
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
