On Wed, Jul 29, 2009 at 5:51 AM, Jeremy Orlow<[email protected]> wrote:
> On Tue, Jul 28, 2009 at 9:30 PM, Peter Kasting <[email protected]>
> wrote:
>>
>> On Tue, Jul 28, 2009 at 9:23 PM, Mike Beltzner <[email protected]>
>> wrote:
>>>
>>> All we're doing at this point is preventing malicious applications from
>>> eating up disk, really.
>>
>> Yep, I agree (although that may no longer be true in a few years as web
>> apps grow in power and complexity).
>>>
>>> In the world of normal applications, you basically give them arbitrary
>>> permission to use your disk, but the good ones write some requirements ahead
>>> of time like "requires 200 MB free hard drive space" and warn you at install
>>> if you're below that. Can we make the UI more like that, where you make a
>>> single trust decision up front? Yes an app can lie, but normally-installed
>>> apps can lie too. Can we provide enough ranking and feedback somewhere to
>>> make this decision easier on users? For example, "57% of users chose to
>>> install <foo.com>, and gave it an average rating of 2.3 stars."
>>>
>>> Oooh, web of trust. There are some flaws. :)
>>> I do think the right answer here is to only get the user involved when
>>> the case seems pathological. Most uses of localStorage will be for "better
>>> than cookies," I suspect.
>>
>> One case I'm trying to prevent is getting separate requests, at different
>> times, from the same app. You get some up-front query about desktop
>> shortcuts, and then a query five minutes later about using your camera, and
>> then a year later about going over 5 MB of storage, and so on. Sucky.
>> Really all I care about is an up-front "let this do whatever the heck it
>> wants" versus "no thanks".
>
> Another thing to consider is that, if our limits are per-origin (what
> most implementations use IIRC), a malicious attacker could easily use lots
> of host names (i.e. host1.bad-site.com through host10000000.bad-site.com) to
> still fill things up.
>
> I'm starting to wonder if some sort of web of trust or black list type
> solution is the only way to avoid users getting DOSed.

There was a nice paper at SOUPS about doing this for firewall rules:
http://cups.cs.cmu.edu/soups/2009/proceedings/a5-goecks.pdf
Slides:
http://cups.cs.cmu.edu/soups/2009/slides/a5-goecks-post.ppt

> J
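
The per-origin limit concern raised in the quoted message, as an added example that is not part of the original thread or Chromium code: a quota tracker keyed by host lets every subdomain get its own 5 MB budget, while keying by registrable domain (eTLD+1) makes them share one. Assumptions: the QuotaTracker class, the three-entry suffix set standing in for the Public Suffix List, and using the host name alone as the origin key are all hypothetical simplifications.

```javascript
// Constructed stand-in for the Public Suffix List; a real implementation
// would load the full list instead of this three-entry set.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// Registrable domain (eTLD+1): the longest matching public suffix plus one label.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      // i === 0 means the host is itself a public suffix; key on it as-is.
      return labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return host.toLowerCase(); // unknown suffix: fall back to the full host
}

// Hypothetical quota tracker: keyFn decides which writes share a budget.
class QuotaTracker {
  constructor(limitBytes, keyFn) {
    this.limit = limitBytes;
    this.keyFn = keyFn;
    this.used = new Map();
  }
  // Returns true and records the write if it fits in the key's budget.
  tryWrite(host, bytes) {
    const key = this.keyFn(host);
    const next = (this.used.get(key) || 0) + bytes;
    if (next > this.limit) return false;
    this.used.set(key, next);
    return true;
  }
  totalUsed() {
    let sum = 0;
    for (const v of this.used.values()) sum += v;
    return sum;
  }
}

// Constructed workload: `hosts` subdomains each write `bytes` once.
function simulate(tracker, hosts, bytes) {
  for (let n = 1; n <= hosts; n++) tracker.tryWrite(`host${n}.bad-site.com`, bytes);
  return tracker.totalUsed();
}

const MB = 1024 * 1024;
const perOrigin = simulate(new QuotaTracker(5 * MB, (h) => h), 1000, 5 * MB);
const perDomain = simulate(new QuotaTracker(5 * MB, registrableDomain), 1000, 5 * MB);
console.log(perOrigin / MB, perDomain / MB);
```

Grouping by registrable domain caps what one registered name can consume; it does not bound total disk use across many registered domains, which is where the blacklist or web-of-trust idea in the thread comes in.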
