Gears shouldn't store hostname-dirs and global datafiles in the same directory.

benlilaj / gears

Automatically exported from code.google.com/p/gears

0 stars 1 forks source link

Gears shouldn't store hostname-dirs and global datafiles in the same directory. #52

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

My "Google Gears for Firefox" directory stores hostnames and Gears files
mixed together.  "localserver.db" and "permissions.db" and
"_null_.localdomain" are all valid forms of hostnames.  Admittedly, they
aren't _likely_ domain names, indeed, .localdomain is well-defined and .db
is not a valid top-level domain, but we should still have separate
"Directories where we store things by hostname" and "Directory where we
store our global files" (of course, the directory of hostnames may itself
be stored in the directory of global files).

I don't think this has any current security implications, it just seems
like bad practice.  It becomes a potential issue if someone ever adds a
data file which does map to a hostname.

Original issue reported on code.google.com by Scott.Hess on 9 Jun 2007 at 12:06

GoogleCodeExporter commented 9 years ago

If a change in paths would break compatibility (require migration on upgrade 
code)
can we fix the crazy long path components with spaces too?

"Google Gears for Internet Explorer"
"Google Gears for Firefox"

Original comment by linus.up...@gmail.com on 11 Jun 2007 at 3:19

GoogleCodeExporter commented 9 years ago

Might also be an opportunity to use fewer special characters in names.  Right 
now we
have _ as the separator for protocol/port (ex: "http_80"), # as the suffix 
separator
(ex: dbname#database), and [] used in versioning (ex: "file[12].html").  
Bringing it
all together, you get paths like:

  www.myapp.com/http_80/mystore_managed[29]#localserver/myfile[12].html

Both the # and [] are definitely not the greatest for Unix-based systems, 
though most
shells handle them pretty well these days (auto-complete will usually 
auto-escape). 
But Gears should NEVER use any filesystem manipulation code which hasn't been
thoroughly vetted for globbing or other shell interpretation.  These could also 
cause
porting issues, insofar as systems inject their own understanding of magical 
characters.

Original comment by Scott.Hess on 11 Jun 2007 at 5:48

GoogleCodeExporter commented 9 years ago

Original comment by gears.te...@gmail.com on 27 Jun 2007 at 7:24

Added labels: Milestone-M1
Removed labels: Priority-Low

GoogleCodeExporter commented 9 years ago

Original comment by gears.te...@gmail.com on 2 Jul 2007 at 6:59

Added labels: Milestone-M2
Removed labels: Milestone-M1

GoogleCodeExporter commented 9 years ago

Original comment by gears.te...@gmail.com on 5 Sep 2007 at 12:10

Added labels: Milestone-M4
Removed labels: Milestone-M2

GoogleCodeExporter commented 9 years ago

Original comment by gears.te...@gmail.com on 5 Sep 2007 at 4:41

Added labels: Version-unscheduled
Removed labels: Milestone-M4