I guess I'm missing something here .....

It seems that if I write a Rodeo app and it uses HTML5 local storage, then there is a security issue because other Rodeo apps on the same server might be able to access the user's data when stored locally on his machine.

But today I generally write desktop apps. The user's data is stored on (usually) his local disk. And any other desktop app he chooses to install can access that data. What's so different?

-- Alex.

On 08/06/2010 18:10, Mike Bonner wrote:
Actually, I believe the following (from the provided link) is what is
being referred to:

7.2 Cross-directory attacks

Different authors sharing one host name, for example users hosting
content on geocities.com, all share one local storage object. There is
no feature to restrict the access by pathname. Authors on shared hosts
are therefore recommended to avoid using these features, as it would
be trivial for other authors to read the data and overwrite it.

Even if a path-restriction feature was made available, the usual DOM
scripting security model would make it trivial to bypass this
protection and access the data from any path.

On Tue, Jun 8, 2010 at 10:36 AM, Jerry Daniels <[email protected]> wrote:
Not so. No.

Each developer has own space. If developer INVITES someone in...as a
teammate, then they share.

Vampire rules. Need an invite to join another developer.

Best,

Jerry Daniels

Follow the Rodeo discussion:
http://rodeoapps.com/rodeo-discuss-among-yourselves



On Jun 8, 2010, at 11:19 AM, Robert Mann wrote:

For Rodéo apps, if each user shares a space on a common shared server, then all the local data of user X is accessible to all the different Rodeo apps, as far as I understood. Not reassuring!
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
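The spec section Mike quotes (7.2 Cross-directory attacks) comes down to one rule: the browser keys local storage by origin (scheme, host and port) and ignores the path. The following is an added illustration, not code from the thread or from the Rodeo project. It simulates that scoping rule so the two cases under discussion can be compared: two apps under different directories of one shared host (same origin, storage shared) versus two apps on separate origins (storage isolated). The URLs, app names and stored values are constructed samples; `SimulatedBrowser` is a stand-in for the browser, not a real API.

```javascript
// Added example (not from the mailing-list thread or the Rodeo project):
// a minimal model of how browsers scope localStorage. Real browsers key
// the storage object by origin and ignore the pathname, which is the point
// of section 7.2 of the Web Storage spec quoted above.

// Storage key a browser would use for a page: its origin.
// The pathname is deliberately not part of the key.
function storageOrigin(pageUrl) {
  const u = new URL(pageUrl);
  return u.origin; // e.g. "https://geocities.com" (port included if non-default)
}

// Simulated browser: one Map per origin, shared by every page on that origin.
class SimulatedBrowser {
  constructor() {
    this.stores = new Map();
  }

  // The localStorage object a page at pageUrl would see.
  localStorageFor(pageUrl) {
    const origin = storageOrigin(pageUrl);
    if (!this.stores.has(origin)) this.stores.set(origin, new Map());
    const store = this.stores.get(origin);
    return {
      setItem: (k, v) => store.set(k, String(v)),
      getItem: (k) => (store.has(k) ? store.get(k) : null),
      keys: () => [...store.keys()],
    };
  }
}

// Case 1 (the thread's concern): two apps under different directories of
// one shared host. Same origin, so app B can read what app A stored.
function sharedHostLeak() {
  const browser = new SimulatedBrowser();
  const appA = browser.localStorageFor("https://shared-host.example/alice/app/index.html");
  const appB = browser.localStorageFor("https://shared-host.example/bob/app/index.html");
  appA.setItem("user-notes", "constructed sample: data belonging to app A");
  return appB.getItem("user-notes"); // app B sees app A's value
}

// A key-prefix convention ("alice/...") is no protection either: the other
// app can list every key in the shared object and read any of them.
function prefixConventionDoesNotIsolate() {
  const browser = new SimulatedBrowser();
  const appA = browser.localStorageFor("https://shared-host.example/alice/app/index.html");
  const appB = browser.localStorageFor("https://shared-host.example/bob/app/index.html");
  appA.setItem("alice/user-notes", "constructed sample: prefixed key");
  return appB.keys(); // ["alice/user-notes"]
}

// Mitigation: host each app on its own origin (here a separate subdomain),
// so the browser keeps the storage objects apart.
function separateOriginIsolation() {
  const browser = new SimulatedBrowser();
  const appA = browser.localStorageFor("https://alice.apps.example/app/index.html");
  const appB = browser.localStorageFor("https://bob.apps.example/app/index.html");
  appA.setItem("user-notes", "constructed sample: data belonging to app A");
  return appB.getItem("user-notes"); // null: different origin, nothing shared
}
```

The model answers Alex's comparison with desktop apps as well: on a desktop the boundary is the OS user account, while in the browser the boundary is the origin, so two apps served from the same host are, from the browser's point of view, the same application. Giving each app its own origin (a subdomain per developer, for instance) is the isolation the spec recommends; a path convention or key prefix gives none.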
