Is it safe to use `.data` folder to store (sensitive) database files


#1

I love that Glitch allows us to write files to the file system. That way I was able to create an example Hoodie app which even persists user data, and people can remix it and it works out of the box for them, without any configuration :clap:

Now I’m not sure about the .data folder. On the one side I keep reading that you recommend it to store your database files there, on the other side you say that the .data folder is readable by others.

But I can’t see the .data folder in my sidebar, not even when signed in. Even if I know the location of a file, I can’t open it, for example: https://glitch.com/edit/#!/hoodie?path=.data/data/hack.json:1:0

So I’m not sure if I can recommend people to use Glitch to experiment with Hoodie or not, because I’m not sure if it’s only a bug that keeps their sensitive database files from being exposed to everyone.

Can you please clarify that, maybe also in the FAQ?


#2

The design intention is that .data/ should be secure for storing data specific to your app, like a local database. There’s currently a bug which is an irregularity with how we handle files created in the .data/ folder from the editor. If you create a file in the .data/ folder from the editor then it will appear in the editor until the container restarts and other people viewing the editor can see it. This shouldn’t affect files created from your application code.

There are some other edge cases with editing files in the editor created from your application or console that we hope to fix soon:tm:.

tl;dr: if your app creates a database file in the .data/ folder it should be safe to remix. Don’t create files in .data/ from the editor to avoid any weirdness. We have plans to fix up these edge cases in the future.

Hope this helps and if you notice anything that doesn’t match with this description please let us know so we can fix it or bump up the priority on tying up these loose ends :slight_smile: