From MozillaWiki

WEP 113 - Addon Data Storage


Give Firefox add-ons the capability to store their preferences and other data on the Weave Sync servers. This will allow multiple versions of the add-on to behave in the same fashion across multiple Firefox installations.

From the server side, the technical issues are minimal - each add-on can sync to its own collection space, just like bookmarks, history, etc. The data will be limited as part of the overall quota.

However, there are some client-side issues which, when addressed, will make the experience easier and safer.


1) Namespace collisions: If two add-ons try to use the same collection namespace they will end up with confusingly-formatted data in the best case, and will end up overwriting each other in the worst case.

2) Malicious intent: An add-on that is allowed to talk directly to the server and has access to the user's account information has the power to cause havoc to all aspects of the account. Wanton destruction would probably cause the other browsers to sync up again, but a carefully constructed set of queries might actually cause data loss that would propagate to the other machines.

Client Brokering

Both of the above issues can be mitigated by only allowing add-ons to communicate with the Sync servers through the official client.

1) The client can generate a collection name based on the name of the add-on, with inappropriate characters stripped out. This can be a requirement for allowing add-ons to sync, with some level of enforcement done in the client. The client control panel would present a list of add-ons that have requested permission, which would allow the user to visually determine what was expected to happen.

2) By only allowing the client access to the username and password, attacks cannot be carried out unless the user gives permission through the control panel to allow this add-on to sync. This allows greater confidence in add-ons that have been acquired through official channels (promising at least a cursory check that Weave will not be attacked) while still allowing for unofficial ones to sync if the user is sufficiently confident to allow them to. This also makes security messaging a little easier - only put your username and password into the official Weave Client.
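
A sketch of the brokering described in both points above, as an added example that is not Weave client code. The `SyncBroker` class, its method names and the allowed character set `[a-z0-9_-]` are assumptions made for illustration; the reserved names are the built-in collections mentioned on this page.

```javascript
// Added sketch, not Weave client code; names and character set are assumptions.
const RESERVED = new Set(["bookmarks", "history"]); // built-in collections
class SyncBroker {
  #credentials;        // held by the broker only, never handed to add-ons
  #addons = new Map(); // collection name -> { addonName, approved }
  constructor(username, password) {
    this.#credentials = { username, password };
  }

  // Assumed rule: lowercase, then strip everything outside [a-z0-9_-].
  static collectionFor(addonName) {
    return String(addonName).toLowerCase().replace(/[^a-z0-9_-]/g, "");
  }

  // An add-on requests permission; the request starts out unapproved.
  requestSync(addonName) {
    const name = SyncBroker.collectionFor(addonName);
    if (name === "") throw new Error("no usable characters in add-on name");
    if (RESERVED.has(name)) throw new Error(`"${name}" is a built-in collection`);
    const owner = this.#addons.get(name);
    // Stripping can map two different add-on names onto one collection.
    if (owner && owner.addonName !== addonName)
      throw new Error(`"${name}" is already claimed by ${owner.addonName}`);
    if (!owner) this.#addons.set(name, { addonName, approved: false });
    return name;
  }

  // What the control panel would list for the user to review.
  pendingRequests() {
    return [...this.#addons]
      .filter(([, a]) => !a.approved)
      .map(([collection, a]) => ({ addon: a.addonName, collection }));
  }

  approve(collection) { // invoked from the control panel, not by add-ons
    const entry = this.#addons.get(collection);
    if (!entry) throw new Error("unknown collection");
    entry.approved = true;
  }

  // Add-ons pass records in; only the broker would talk to the server.
  store(addonName, record) {
    const name = SyncBroker.collectionFor(addonName);
    const entry = this.#addons.get(name);
    if (!entry || entry.addonName !== addonName || !entry.approved)
      throw new Error("sync not approved for this add-on");
    return { collection: name, record }; // real client: authenticated upload here
  }
}
```

Note that stripping characters can itself reintroduce the namespace collision from issue 1, which is why the sketch rejects a second add-on whose name reduces to an already claimed collection.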