Hi i solved my proble for my add-on but i get in a new problem!
my add-on call a file from an url
HOW to block acces to tha file to prevent users to download or access??
if i add an .htaccess like:
Order Allow,Deny
Deny from all
<files dburl.dat>
order allow,deny
deny from all
</files>
to the rot folder of the file, my add-on doesn’t work anymore :s
If your extension can load it a user can load it. You can do things like require authentication or similar, however a user could just look at how your extension gets access to the file. Or copy the result from the network inspector when the extension loads it etc.
You could of course block access to it with your extension after you’ve loaded it…
i would like to say again THANKS a lot for all the time 
and help you was providing me !!!
how can i achieve that:
“course block access to it with your extension after you’ve loaded it”
“like require authentication or similar”
The same way you block other requests. By checking the request and blocking it.
And if i add my file url to the manifest.json and then block the folder in the htaccess?
"permissions":[
"http://url.com/folder/dburl.dat",You shouldn’t need another permission for it, based on all the permissions you already declare. This would be included in both <all_urls> and http://*/* or https://*/*(I hope you sue HTTPS?)
yes its https for my website
SOLVED !! i put the db in another domain name, then blacklisted that domain so, add-on can access to the db, but not the users