Closed Bug 729320 Opened 8 years ago Closed 6 years ago

IndexedDB: Provide some amount of storage without a prompt

Categories

(Core :: Storage: IndexedDB, defect)

defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: khuey, Unassigned)

References

Details

We should provide some amount of storage (>= what localStorage provides) without a quota prompt.

I'd propose 10 MB without a prompt, with another prompt at 50 MB (as it is now) to enable unlimited storage.  I don't care too much about the numbers though.
I don't want to do this.

Once we allow X MB of storage it's easy for a website to multiply that and store largeNumber*X MB by spreading the data over multiple domains.

I'd much rather introduce non-permanent databases. I.e. databases that we are free to delete once we reach a total of X MB of non-permanent storage.
Sure, that's fine.

I think it's important to provide some amount of IndexedDB without a prompt though.
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #2)
> Sure, that's fine.
> 
> I think it's important to provide some amount of IndexedDB without a prompt
> though.

I agree, we can provide x megabytes of data without prompting, but allow firefox to clean it up. Prompting could make things more permanent.
(In reply to Jonas Sicking (:sicking) from comment #1)
> Once we allow X MB of storage it's easy for a website to multiply that and
> store largeNumber*X MB by spreading the data over multiple domains.
Do we see this in the wild with localStorage, or is this just theoretical?

> I'd much rather introduce non-permanent databases. I.e. databases that we
> are free to delete once we reach a total of X MB of non-permanent storage.
I recall there being discussion about this in the working group; did that ever get anywhere?

(In reply to Taras Glek (:taras) from comment #3)
> I agree, we can provide x megabytes of data without prompting, but allow
> firefox to clean it up. Prompting could make things more permanent.
Deleting user data is dangerous.  Having an explicit API for websites to get unprompted temporary space is much better than deciding to delete the data only to have the user go to the site soon after expecting it to be there.
Whiteboard: [secr:curtisk]
Component: DOM → DOM: IndexedDB
To complete secreview please see bug 744526 and answer the necessary questions
Whiteboard: [secr:curtisk] → [secr:curtisk:744526]
Whiteboard: [secr:curtisk:744526] → [sec-assigned:curtisk:744526]
There has been no movement on this since February; please request a new security review if this feature moves forward.
Status: NEW → UNCONFIRMED
Ever confirmed: false
Whiteboard: [sec-assigned:curtisk:744526]
Depends on: 785884
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.