Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 12
I've noticed that when I start typing the first few letters of a form (like my handle when I log in here) the rest appears on the screen.But I've searched ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Enthusiast
    Join Date
    Jan 2005
    Posts
    575

    Where does Firefox store form info ?


    I've noticed that when I start typing the first few letters of
    a form (like my handle when I log in here) the rest appears on the screen.But I've searched all the files in the
    firefox directory using grep and they don't contain my handle.Explanation anyone ?

  2. #2
    Linux Enthusiast
    Join Date
    Jan 2005
    Posts
    575
    After some experimentation , it appears that form info is stored
    at formhistory.dat and history.dat in the .mozilla/firefox directory.
    I assume they are stored encrypted since they do not appear in a
    recognizable form in those files.

    But I don't understand what purpose the encrypion serves.
    Let's say that some stranger manages to gain access to the
    relevant files.If the form info was unencrypted he/she would be
    able to read it but so what ? Is form info (and I don't mean
    passwords) valuable enough to justify all this trouble ?

  3. #3
    Linux Guru budman7's Avatar
    Join Date
    Oct 2004
    Location
    Knee deep in Grand Rapids, Michigan
    Posts
    3,242
    Some people have there passwords remembered.
    The rest of the form info is just convenience.
    How to know if you are a geek.
    when you respond to "get a life!" with "what's the URL?"
    - Birger

    New users read The FAQ

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Engineer psic's Avatar
    Join Date
    Nov 2004
    Location
    Ljubljana, Slovenia
    Posts
    1,205
    You can empty this information (and turn it on/off) in Edit>preferences>privacy
    Stumbling around the 'net:
    www.cloudyuseful.com

  6. #5
    Linux Enthusiast
    Join Date
    Jan 2005
    Posts
    575
    Quote Originally Posted by budman7
    Some people have there passwords remembered.
    Yes but since Firefox is open source , someone can see
    which encryption and decryption algorithm it uses.So if they
    managed to gain access to my files they could just use
    the same decryption algorithm and see what they want.

    Am I missing something ?

  7. #6
    Linux Guru budman7's Avatar
    Join Date
    Oct 2004
    Location
    Knee deep in Grand Rapids, Michigan
    Posts
    3,242
    When you talk about somebody accessing your system, do you mean physically accessing it?
    If that is the case, having remembered passwords, even though they are encrypted is not going to do you any good. Your system is compromised.

    If you are talking about somebody accessing your system some other way, then I am not sure what they could do.

    Btw, just because it is open source and the code is visible, does not give a cracker a path into the system.
    Having the plans to Fort Knox and knowing all the security plans, doesn't mean you can break into Fort Knox.
    How to know if you are a geek.
    when you respond to "get a life!" with "what's the URL?"
    - Birger

    New users read The FAQ

  8. #7
    Linux Engineer
    Join Date
    Mar 2005
    Posts
    1,431
    Not sure which encryption it uses, but if it uses DSA for example I think it uses different encryption keys on every machine/system.

    I also saw some security options in the firefox-settings, listing up TLS and such but that may be data-transfer encryption instead.

  9. #8
    Linux Enthusiast
    Join Date
    Jan 2005
    Posts
    575
    Quote Originally Posted by budman7
    When you talk about somebody accessing your system, do you mean physically accessing it?
    No , I meant over a network.
    Having the plans to Fort Knox and knowing all the security plans, doesn't mean you can break into Fort Knox.
    I'm not sure this is a good analogy.The way I see it , Firefox needs
    to have available all the info required to decrypt entries in
    the history files.This info must exist in some file Firefox
    can read.Since Firefox runs as a process owned by me ,
    if someone has managed to obtain my password then
    every file Firefox can read the intruder can also read.So if
    the intruder knows where to look they should be able
    to read all the info they want.And reading the Firefox source
    should tell them where to look.
    Quote Originally Posted by jaboua
    Not sure which encryption it uses, but if it uses DSA for example I think it uses different encryption keys on every machine/system.
    But still Firefox has to be able to read those keys.So an intruder
    who has got my password will also be able to read the same keys.

  10. #9
    Linux Engineer
    Join Date
    Mar 2005
    Posts
    1,431
    Quote Originally Posted by Santa's little helper
    firefox has to be able to read those keys.So an intruder
    who has got my password will also be able to read the same keys.
    Don't think so if it uses DSA:
    http://en.wikipedia.org/wiki/DSA

    Anyway, it's not sure the file is encrypted, maybe it's just compressed to save disk-space.

  11. #10
    Linux Enthusiast
    Join Date
    Jan 2005
    Posts
    575
    I read the link.I don't see how it answers what I'm saying.

    I don't think it's compressed because urls are readable.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •