Can anyone please shed some light on the sqlite databasing that seems to be happening whenever K-Meleon is used, if the machine also has Firefox installed?

We are finding various files, on machines with recent versions of Mozilla/Firefox, that carry the sqlite extension, such as places.sqlite; and these files not only database every location visited but much of the contents of the files is NOT encrypted and can carry personally identifiable information. We were amazed to find files on one machine that had personal names and social security numbers because of visits to Turbo-tax, etc. !?

Another amazing thing is that you don't even have to USE Firefox for these files to be amassed on your hard drive (unbeknownst to user): If you have Mozilla/Firefox on your machine, and you use K-Meleon, these files will be created and ongoing on your machine, sometimes amounting to many many megabytes of contents. Further, if you delete these files, Mozilla/Firefox appears to RECREATE them as soon as you reopen the browser.

Even though we specify to the browser(s) to NOT save a History and to purge Cookies, etc., these files are being created (behind our back) and stored on our machines, and we have no idea who can access them.

Can someone please research all this and report back whatever is learned about these sqlite files--and how we can GET RID OF THEM?

Even using CCleaner's "include" feature to purge these sqlite files does not seem to work, because the browser(s) simply recreate the files WITH THE DELETED MATERIAL REPOPULATED BACK INTO THE FILES!!, as soon as you reopen the browser(s).

This seems very shoddy, if not downright dishonest; and we would like to find out (1) who is responsible and (2) why there is not forthright information about this in the documentation for the browser(s) and (3) how to prevent this databasing in the first place and (4) how to get rid of the sqlite files already hiding out on our systems!

Clearly this is a security issue and apparently one that few people even know about.

Thanks in advance for any insights that anyone can provide.

Which version of KM caused this problem? What is the extension for a sqlite database?

I do not have FF installed, so maybe that is why I don't think I have seen this condition.

Well, I did more checking on my system and I did find files with the extension 'sqlite'. I am running various levels of KM 1.6.0 beta and these file appear in my profiles.

The files are cookies.sqlite, permissions.sqlite, and webappsstore.sqlite. In my KM 1.7 there is also places.sqlite, and index.sqlite.

There is a DLL file called sqlite3.dll in the root directory of KM. I think in the beta code Dorian was trying to move to the db system for keeping things but had only gotten the write part to work. This is just my guess.

I think I will try a little test in which I move the sqlite files to another place and see what happens to my KM when I run.

Edit:

When I removed the files, then I had fewer options for posting in this forum. I put all but cookies.sqlite back and tried again.

With all files          Options: Reply•Quote•Follow Topic•Report•Edit 
Without cookies.sqlite  Options: Reply•Quote

Hanlon’s razor is an eponymous adage named after Robert J. Hanlon that states: “Never attribute to malice that which is adequately explained by stupidity.”

JamesD



Edited 1 time(s). Last edit at 03/14/2012 12:37PM by JamesD.

Quote
SqLite Databasing in Browsers?
We are finding various files, on machines with recent versions of Mozilla/Firefox, that carry the sqlite extension, such as places.sqlite; and these files not only database every location visited but much of the contents of the files is NOT encrypted and can carry personally identifiable information. We were amazed to find files on one machine that had personal names and social security numbers because of visits to Turbo-tax, etc. !?

Clearly this is a security issue and apparently one that few people even know about.

Thanks in advance for any insights that anyone can provide.

Hallo Pleasantonian,

where does what write? The data You are voluteering are generalizing and not complete.

& I humbly submit the request Your Highness to use another browser. Try for example Comodo Dragon. Its authors claim that they create the most secure browser. You can easily run that easily with Your prestine, mint hardware!

I hope I know my place but I recommend that "WE" do not complain about K-Meleon betas and alphas. Clearly the current official version does not write idle sqlite files anywhere.

& This is no Mozilla Forum - place the Mozilla question @ another location.

& K-Meleon is no more under development by any developers except by users that want to keep using it if possible. We have legacy hardware and can only afford old programs.

So quit trolling here.

Greetings to California

---

@JamesD, the cookies are needed by our forum to know that You are logged in.

If You are not logged in You are only offered the limited menus.



Edited 2 time(s). Last edit at 03/14/2012 05:02PM by guenter.

Quote
Guenter
@JamesD, the cookies are needed by our forum to know that You are logged in.

If You are not logged in You are only offered the limited menus.

Thanks, I had come to that conclusion also. I Still don't know what webappstore holds. Twenty records take 141 KB. I have a database browser program and I can see the data, but it makes no sense to me.

I am not going to let it worry me. I like KM too much to care about it.

If anyone needs the SQLite Database Browser 2.0 b1 files, I can provide them.

Hanlon’s razor is an eponymous adage named after Robert J. Hanlon that states: “Never attribute to malice that which is adequately explained by stupidity.”

JamesD

Quote
JamesD


Thanks, I had come to that conclusion also. I Still don't know what webappstore holds. Twenty records take 141 KB. I have a database browser program and I can see the data, but it makes no sense to me.

I am not going to let it worry me. I like KM too much to care about it.

If anyone needs the SQLite Database Browser 2.0 b1 files, I can provide them.

I would switch off the the SQLite writing that is not needed. It is IMHO a waste of resources.
Even if I can set programs like ccleaner to dispose it when I want.
But I do not know how toggle SQLite writing.

Most of all - I'd hate to bug the developers with my wishes. I am not into the habit of looking into the mouth of a gift horse. Whatever I get is fine to me.

Greetings



Edited 3 time(s). Last edit at 03/14/2012 10:07PM by guenter.

To guenter:

What an appalling, SNOTTY response to a genuine request for info and help. You should be ashamed. Even though the General thread is not a Mozilla thread, the topic-question refers to problems caused by Mozilla/K-Meleon and is relevant.

It is sad that an honest request for help should be so disrespected and stomped on, with total disregard not only for the original poster but also for other users who may be disturbed by finding sqlite databasing going on without their knowledge or permission.

Your attitude is part of the problem, not part of the solution.

Quote
Apalled
To guenter:

What an appalling, SNOTTY response to a genuine request for info and help. You should be ashamed. Even though the General thread is not a Mozilla thread, the topic-question refers to problems caused by Mozilla/K-Meleon and is relevant.

It is sad that an honest request for help should be so disrespected and stomped on, with total disregard not only for the original poster but also for other users who may be disturbed by finding sqlite databasing going on without their knowledge or permission.

Your attitude is part of the problem, not part of the solution.

Pleasantonian,

do really You think it is a good idea to answer back using another name?

If a first post runs foul with someone that has given THOUSANDENDS answers, most of them friendly and civil, the person that turned sour has been appalling and snotty and has a behavior problem? That is the yeast of Your second post.


Nobody asked You to use this forum or browser. You were using beta software for productive purposes without understanding what beta implies. Do not tell me otherwise. That is obvious from Your original post.

My attitude towards people that speak in the royal "WE" mode has nothing to do with either the problem or the solution. People that take lingual liberties must not wonder about the reaction to that attitude.

Why do You claim to come here just for help and answers if You You spoke in that "listen here I come" mode in Your first post?

Greetings to California



Edited 1 time(s). Last edit at 03/15/2012 07:58AM by guenter.

The only files K-meleon creates are cookies.sqlite and pemissions.sqlite. It could create index.sqlite for offline cache, but nothing else.

Passwords and forms storing is made in other filetypes. So K-meleon or mozilla is not guilt at all.

Did you know Google apps, such as Chrome, uses sqlite files too?

For sqlite inspection I recommend the 1.3 version. It is more stable than that beta. Old, but reliable.

http://sourceforge.net/projects/sqlitebrowser/files/sqlitebrowser/

Quote
JH
The only files K-meleon creates are cookies.sqlite and pemissions.sqlite. It could create index.sqlite for offline cache, but nothing else.

Passwords and forms storing is made in other filetypes. So K-meleon or mozilla is not guilt at all.

Did you know Google apps, such as Chrome, uses sqlite files too?

For sqlite inspection I recommend the 1.3 version. It is more stable than that beta. Old, but reliable.

http://sourceforge.net/projects/sqlitebrowser/files/sqlitebrowser/

1.) Yes, about the same score here.

My K-Meleon 1.6 beta created webappsstore.sqlite additionally.
Probably used by my Yahoo account for storing data locally.
That makes three SQlite files total, here in my K-Meleon 1.6.beta's profile.



My Firefox created it its profile folder: addons.sqlite, chromeappsstore.sqlite, content-prefs.sqlite, cookies.sqlite, downloads.sqlite, extensions.sqlite, formhistory.sqlite, permissions.sqlite, places.sqlite, search.sqlite, signons.sqlite and webappsstore.sqlite.

Some of these Firefox SQLite files seem potential privacy give aways.
If they are not protected or purged after each browsing session.

What I also considered annoying with the original post was, that "WE" seemed to have found formhistory data. And that "WE" did not say in which profile the "insecure" data writing occurred. ccleaner does not support K-Meleon by default, so I suspected wrong attribution of the findings.

2.) No I did not know that about Google Apps. But using data bank format for such storage seems state of the art.

3.) Thanx for the link.


Greetings to Spain



Edited 2 time(s). Last edit at 03/15/2012 11:32AM by guenter.

BTW, the above was me, just unlogged in third party computers

The link is from the official site of the apps said by JamesD (I also told something about it a few months ago when I had to find something to edit cookies.sqlite file, as K-meleon crashes due its size)

Quote
JohnHell
BTW, the above was me, just unlogged in third party computers

The link is from the official site of the apps said by JamesD (I also told something about it a few months ago when I had to find something to edit cookies.sqlite file, as K-meleon crashes due its size)

1.)

2.) Wasn't there something about malformed cookies with an unusual length?

deadlock suggested a fix.

Greetings to Spain



Edited 1 time(s). Last edit at 03/15/2012 04:16PM by guenter.

Quote
JohnHell
(I also told something about it a few months ago when I had to find something to edit cookies.sqlite file, as K-meleon crashes due its size)

dom.storage.default_quota;0
dom.storage.enabled;false
browser.cache.offline.enable;false
browser.cache.offline.capacity;0
offline-apps.quota.max;0

browser.places.smartBookmarksVersion;1 not sure..

Maybe, guenter, you are referring to the one km2 is pointing to: dom.storage.enabled;false

This pref enables the "new cookies" and I place you to search info for them. Beyond its length, the bigger concern should be on privacy...

Anyway, Km2, I had all prefs as you pointed (except offline-apps.quota.max) but I still have the problem. If you search for my posts migrating from 1.1.6 to 1.6x you'll find my frustration.

And I said K-meleon crashes because its size, but... has no sense. My cookies.sqlite is only 133KB and I reject 100% of cookies. I only accept those for the sites I log on or need the feature (but I usually use session cookies for these). Siria, in the past, recommended to delete cookies.sqlite, but that didn't help, because, with the time, for whatever reason, k-meleon can handle cookies internally anymore :/

So, I use sqlitebrowser.



Edited 1 time(s). Last edit at 03/15/2012 07:16PM by JohnHell.

Ok. My fault. Wrong idea and bad memory. Greetings to Ukraine & Spain

I'm not saying that you are wrong , I was saying that "maybe" you were referring to them.

I don't remember that conversation or maybe I didn't even read it.

Quote
guenter
Firefox created it its profile folder: ...

fox create cookies.sqlite-journal yet, when profile is starting. At least 16-F3627 fire-up this file.

Quote
JohnHell
And I said K-meleon crashes because its size, but... has no sense. My cookies.sqlite is only 133KB and I reject 100% of cookies.

Don't know about cookies size, cos don't use 3d party plugs for managing cookies, only builtin one(with "allow for session" prefs) and size for cookies.sqlite - 2kb(static for 16-F3627)..

Maybe this crashes somehow in-line with history and sessions plugins.

Actually you can delete some sqlite file and create folder with the same name(*.sqlite)..

Cheers to Deutschland.