Hi All!!! I wanted to find out that how does firefox access the certificates stored in the certificate database. It uses the NSS/NSPR package for implementing SSL communication but does not employ the certificate database, the use of which is almost mandated by the package...
I wished to do away with a "separate certificate database", embedding it into some kind of file so that it is accessible to the API but not to some "unwanted company" that cracks into my system... I wanted to know what does firefox do with the key3.db, cert8.db and secmod.db files??? They're not there in the files that are installed as a part of the firefox package.. I want to know how does mozilla manage and access the stored certificates for use by the underlying API... I found out where the files are... A profile stores your settings, extensions, bookmarks and so on. Thunderbird & Mozilla use them too. More information available at http://support.mozilla.com/kb/Profiles This is where the cert8.db, key3.db, and secmod.db files are stored.. I have a question though... what if somebody cracked his way into a server and gained access to these files?? It will then be only a matter of time before a brute force program would be able to siphon off the details of the certificates in the certificate database.... I fully understand that NSS provides SSL-secured communication and SSL provides end-to-end security.. What happens beyond that is the owners' headache... But does it not pose a potential security risk??? Are there any ways to get around the problem? _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
