PaulSpoerry.com

Social Media, technology, and geeky stuff for your brain.

  • Home
  • About
    • Privacy Policy
  • Categories
    • Google+ Posts
    • Site news
    • Tech
      • Android
      • Apple
      • Chrome
      • Gadgets
      • Hacking
      • Linux
      • OSX
      • Privacy
      • Web Life
        • Bittorrent
        • Facebook
        • FireFox
        • GMail
        • Google
        • Google+
        • Twitter
        • WordPress
        • Windows
          • Windows 7
    • Google+: Getting Started Guides
    • Games
    • Meditation
    • Politics
    • Science
    • That’s freakin hilarious
  • Code
    • FreeImageZoom
    • Post Editor for Google+™
    • The Plus Editor
  • Contact
You are here: Home / Tech / GMail / Offline GMail: Is it secure?

Offline GMail: Is it secure?

January 29, 2009 by Paul Spoerry Leave a Comment

Google Gears LogoGmail finally provided “offline” mode via Google Gears. So when Gears is enabled you can access your Gmail from your browser any time… even when you’re not online! Ok so that’s cool… but where does it store the data and is the data secure?

When a website attempts to interact with a gears datastore it uses uses the same origin policy as its underlying security model. In a nutshell, the policy permits scripts running on pages originating from the same site to access each other’s methods and properties with no specific restrictions — but prevents access to most methods and properties across pages on different sites. This means that a web page with a particular scheme, host, and port can only access resources with the same scheme, host, and port.

This means a site using Gears:

  • Database: Can only open databases created for that site’s origin.
  • LocalServer: Can only capture URLs and use manifests from the site’s origin.

The data is stored locally using a SQLite database. The downer is that your data within this database is NOT encrypted. Gears data files are protected with the user’s operating system login credentials. Users with separate login names cannot access each other’s Gears data files… but this is only enforced by the operating system.

If two users are sharing the same login to the operating system they could theoretically access each other’s Gears data files, just as they could access any other file on the machine.

UPDATE:

If you’d like to know where GMail’s datastores are located you can find them here:

Windows Vista

  • Internet Explorer: C:\Users\<user>\AppData\LocalLow\Google\Google Gears for Internet Explorer
  • Firefox: Database files are stored in the user profile directory. C:\Users\<user>\AppData\Local\Mozilla\Firefox\Profiles\{PROFILE}.default\Google Gears for Firefox
  • Google Chrome: Database files are stored in the user profile directory. C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears

Windows XP

  • Internet Explorer: C:\Documents and Settings\<user>\Local Settings\Application Data\Google\Google Gears for Internet Explorer
  • Firefox: Database files are stored in the user profile directory. C:\Documents and Settings\<user>\Local Settings\Application Data\Mozilla\Firefox\Profiles\{PROFILE}.default\Google Gears for Firefox
  • Google Chrome: Database files are stored in the user profile directory. C:\Documents and Settings\<user>\Local Settings\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears

Mac OS X

  • Firefox: Database files are stored in the user profile directory. Users/<user>/Library/Caches/Firefox/Profiles/{PROFILE}.default/Google Gears for Firefox
  • Safari: ~/Library/Application Support/Google/Google Gears for Safari

Linux Firefox: Database files are stored in the user home directory. <user>/.mozilla/firefox/{PROFILE}.default/Google Gears for Firefox

Microsoft Windows Mobile Internet Explorer: Database files are stored in the Application Data directory. \Application Data\Google\Google Gears for Internet Explorer

Filed Under: GMail, Google, iGoogle, Privacy, Tech, Web Life Tagged With: gmail, google, google gears, how, Privacy

About Paul Spoerry

I’m a groovy cat who’s into technology, Eastern Thought, and house music. I’m a proud and dedicated father to the coolest little guy on the planet (seriously, I'm NOT biased). I’m fascinated by ninjas, the Internet, and anybody who can balance objects on their nose for long periods of time.

I have a utility belt full of programming languages and a database of all my knowledge on databases... I practice code fu. Oh, I've also done actual Kung Fu, and have a black belt in Tae Kwon Do.

I run. I meditate. I dance. I blog at PaulSpoerry.com, tweet @PaulSpoerry, and I'm here on Google+.

I'm currently work for IBM developing web enabled insurance applications for IBM and support and develop a non-profit called The LittleBigFund.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright © 2023 · Epik on Genesis Framework · WordPress · Log in