I demand that DeMoN LaG may or may not have written...
>[EMAIL PROTECTED] (Juan Tamad) wrote in [EMAIL PROTECTED]">news:[EMAIL PROTECTED], on 27
>Nov 2001:
>
>>I think the original poster is using Windows so he would be having a different path.
>The weird name you are talking about is it the one with the .slt extension, if it is
>then they called it the salt directory or something like that it has something to do
>with security(like to prevent webpages from knowing where your actual profile is to
>prevent unauthorized access). =)
>>
>I like the .slt'ing. It's purpose, I believe, is to make it impossible for any
>program or web site to have knowledge of where your profile (and with it, your cache,
>security, and prefs files) are. I suppose a local program could start in \documents
>and settings\<user name> and just recursively search every folder until it finds
>\mozilla\profiles\profile name\random.slt\pref.js, but even then it doesn't mean
>you've found the person who's profile you want to find's profile, it could be any
>profile
>
I think the purpose is to defeat an attack along these lines:
IE3 stored the cached copy of a web page in one of four locations:
C:\WINDOWS\Temporary Internet Files\cacheN\page.htm where N is 1-4 and
page.htm is usually the original page name. Now suppose the page
contained four IFRAMES which pointed to the four possible locations
(using a file: URL). Then one of the iframes would load from disk and
any script would immediately have local security i.e. no security at all.
