standardnotes / forum

Support from other community members. For 1-on-1 help, please contact help@standardnotes.com.
https://forum.standardnotes.org

Chromium-based browsers keep a readable logfile with database information on disk #2063

Closed MrMette closed 7 years ago

MrMette commented 7 years ago

I just saw that if I log into the webapp in Google Chrome, it keeps this file on disk: %localappdata%\Google\Chrome\User Data\Default\IndexedDB\https_app.standardnotes.org_0.indexeddb.leveldb\000003.log

This file shows the content of the database in clear text. While it is not really easy to read and some things seem to be encoded, the main content seems to be in clear text.

Even when I log out of the webapp in Chrome, the file is not removed. I can't seem to find this type of file when I use Firefox to log into the webapp, so it is possible it doesn't have anything to do with the app itself, but it seems like a security risk.

I usually never use the webapp, but I tested it out a few times and I saw the log copying when I was doing backups.

Extra Info: I am using Google Chrome 61.0.3163.39 (Official Build) beta (64-bit) on Windows 10 Pro (newest update)

Edit: It seems to be the same for all Chromium-based browsers. I see the same behaviour in Vivaldi and Opera, for example.

%localappdata%\Vivaldi\User Data\Default\IndexedDB\https_app.standardnotes.org_0.indexeddb.leveldb\000003.log

%appdata%\Opera Software\Opera Developer\IndexedDB\https_app.standardnotes.org_0.indexeddb.leveldb\000003.log

There are some other files that stay in those folders, but they don't seem to have any usable information in them as far as I can see.

Edit 2: I have just tested it on Chromium on Windows and on Linux in a VM as well, and it's the same thing.

Windows Chromium: %localappdata%\Chromium\User Data\Default\IndexedDB\https_app.standardnotes.org_0.indexeddb.leveldb\000003.log

Chromium on Arch Linux in a VM: ~/.config/chromium/Default/IndexedDB/https_app.standardnotes.org_0.indexeddb.leveldb/000003.log

They all persist after logging out of the app and after closing the browser.
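A way to check for the leftover data described in the report above: walk a profile's IndexedDB folder and list the readable strings still present in an origin's `.log` files after logout. This is an added example, not part of the original post or Standard Notes code; the function names, the 6-character threshold and the UTF-16LE handling are assumptions, and the sample log bytes are constructed.

```python
import re
import tempfile
from pathlib import Path

MIN_LEN = 6  # assumed threshold: shorter runs are mostly binary noise
# Printable runs stored as single-byte text and as UTF-16LE (assumption: string
# values may be written to the log in either form).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def readable_strings(data: bytes) -> list[str]:
    """Return printable runs found in raw bytes, single-byte runs first."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found


def audit_origin(indexeddb_dir: Path, origin_prefix: str) -> dict[str, list[str]]:
    """Map each *.log file left for the origin to the readable strings in it."""
    report = {}
    for store in sorted(indexeddb_dir.glob(f"{origin_prefix}*.indexeddb.leveldb")):
        for log in sorted(store.glob("*.log")):
            strings = readable_strings(log.read_bytes())
            if strings:
                report[log.relative_to(indexeddb_dir).as_posix()] = strings
    return report


def constructed_log() -> bytes:
    """Constructed sample bytes (not real LevelDB framing) with note text inside."""
    return (b"\x8f\x01\x00\x07" + b'{"title":"Bank PIN"}' + b"\xff\x02"
            + "my secret note".encode("utf-16-le") + b"\x00\x01")


if __name__ == "__main__":
    # Build a throwaway directory shaped like the paths in the report, then audit it.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        store = root / "https_app.standardnotes.org_0.indexeddb.leveldb"
        store.mkdir()
        (store / "000003.log").write_bytes(constructed_log())
        for name, strings in audit_origin(root, "https_app.standardnotes.org").items():
            print(f"{name}: {len(strings)} readable string(s): {strings}")
```

Point `indexeddb_dir` at the profile's IndexedDB folder after logging out; an empty report means no readable strings remain in that origin's log files.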

moughxyz commented 7 years ago

Thanks for the detailed report. Let me investigate why this is happening.

moughxyz commented 7 years ago

Ok, this issue has been fixed via 7f62d937f9bf485445e14e55a832d300cfb74edb and f85741e411975ecc1f2a812f5a9dabc1467f20c4. Thanks for catching this! Will deploy tomorrow after some more testing.

moughxyz commented 7 years ago

This has been deployed to the web app. Will deploy to desktop in the coming days.