Author Topic: PC's, Firefox, Javascript, WebPages saving data??  (Read 2088 times)

0 Members and 1 Guest are viewing this topic.

Offline GlennSprigg

  • Super Contributor
  • ***
  • Posts: 1238
  • Country: au
  • Medically retired Tech. Old School / re-learning !
PC's, Firefox, Javascript, WebPages saving data??
« on: November 25, 2021, 12:18:08 pm »
When you have something like a JavaScript App running on a WebPage, and it needs to store user-data, it gets confusing!
It is stored (un-securely) on your hard-drive, through various self contained 'modules' that pass info back & forward to each other.
An original piece of JavaScript on the page, may say something like...
let check2 = localStorage.getItem(randName);
let check1 = localStorage.getItem(strName);

In the above example, this is how it may get some user info back from what was saved, however, 'localStorage' is all JavaScript knows!
From there, the actual Browser you are using, (FireFox in this case), *Interprets* that Word in it's own way, in regards to where it is
actually going to or coming from! And then in fact passes what 'it' want's to do to 'Windows' for the actual writing/reading. (Sigh..).

An unfortunate side digression first though!!!... FireFox stores virtually all it's user data, including such data above, along with the likes
of Bookmarks, History, Cookies etc etc, in a master DataBase file called 'webappsstore.sqlite'. The actual location of this file, is...
C:\Users\<user-name>\AppData\Roaming\Mozilla\Firefox\Profiles\xxx xxxxx.default-release
This causes confusion, because firstly, it is not in \AppData\Local, but in \AppData\Roaming !! (Do not confuse with 'local' above!).
Now, notice in the 2nd line above, the last Sub-Directory name after \Profiles\. the 'xxxxxxxx' is a user-specific random name, and yours
will be unique! NOW, prior to a certain version of FireFox, that final sub-directory WAS called 'xxxxxxxx.default' , and you 'may' still see that
present too under \Profiles\, but all later versions of Firefox now have the new sub-directory 'xxxxxxxxx.default-release' . And THAT is the
one that is current! (The word 'release' now refers to the standard release, as opposed to a 'nightly' or 'debug' version).

OK, so that's where all this user data is stored... So how can you view the contents of this '.sqlite' file?? Luckily, the best software for this
is FREE, called DB Browser for SQLite from https://sqlitebrowser.org/ Here, it gets a bit funny though with FireFox!!... (Sigh, again).
The main DataBase Fields are 'originKey, scope, key, value' , similar to the system registry. Now the first two of those, are basically showing
you what WebPage they are relevant to, BUT FireFox reverses the order of the letters, to make things easier to Index/Find !! So...
If it was for example, 'microsoft.com', it will show up when filtering/searching the column results as 'moc.tfosorcim.' (With a dot at the end).

Have fun!!  My little brain didn't have to learn this, but I wanted to know where/how user info was saved/stored from certain pages!!   :)
Diagonal of 1x1 square = Root-2. Ok.
Diagonal of 1x1x1 cube = Root-3 !!!  Beautiful !!
 
The following users thanked this post: newbrain, gnavigator1007

Offline newbrain

  • Super Contributor
  • ***
  • Posts: 1360
  • Country: se
Re: PC's, Firefox, Javascript, WebPages saving data??
« Reply #1 on: November 30, 2021, 03:02:08 pm »
Thanks, interesting tidbit.

it is not in \AppData\Local, but in \AppData\Roaming
Yes, that's the correct place, in short:
Local (should) contains things strictly tied to the specific machine.
LocalLow, the same, but used by processes with lesser access rights.
Roaming: it's the stuff a server might want to cache so that one can login from any machine (so 'roaming') and retain your applications settings, status etc  - or you can copy it yourself.
Nandemo wa shiranai wa yo, shitteru koto dake.
 

Offline dferyance

  • Regular Contributor
  • *
  • Posts: 156
Re: PC's, Firefox, Javascript, WebPages saving data??
« Reply #2 on: December 02, 2021, 02:08:49 pm »
Naturally, it gets more complicated from there. Web pages often store data for your user or session on the server itself. Good luck trying to find that. There is also cookies and IndexedDB. Plus all sorts of tracking methods such as detecting if the browser has a url cached.

It isn't too unusual that the data isn't encrypted. It is stored with your user account so NTFS permissions protect it and disk encryption too. Fundamentally when storing encrypted data there is the whole problem of where to store the key. You need the key to access it but then if you store in the same place as the data, someone who has access to the data will have access to the key as well.

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf