Closed
Bug 729320
Opened 13 years ago
Closed 11 years ago
IndexedDB: Provide some amount of storage without a prompt
Categories
(Core :: Storage: IndexedDB, defect)
Core
Storage: IndexedDB
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: khuey, Unassigned)
References
Details
We should provide some amount of storage (>= what localStorage provides) without a quota prompt.
I'd propose 10 MB without a prompt, with another prompt at 50 MB (as it is now) to enable unlimited storage. I don't care too much about the numbers though.
I don't want to do this.
Once we allow X MB of storage it's easy for a website to multiply that and store largeNumber*X MB by spreading the data over multiple domains.
I'd much rather introduce non-permanent databases. I.e. databases that we are free to delete once we reach a total of X MB of non-permanent storage.
Reporter | ||
Comment 2•13 years ago
|
||
Sure, that's fine.
I think it's important to provide some amount of IndexedDB without a prompt though.
Comment 3•13 years ago
|
||
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #2)
> Sure, that's fine.
>
> I think it's important to provide some amount of IndexedDB without a prompt
> though.
I agree, we can provide x megabytes of data without prompting, but allow firefox to clean it up. Prompting could make things more permanent.
Comment 4•13 years ago
|
||
(In reply to Jonas Sicking (:sicking) from comment #1)
> Once we allow X MB of storage it's easy for a website to multiply that and
> store largeNumber*X MB by spreading the data over multiple domains.
Do we see this in the wild with localStorage, or is this just theoretical?
> I'd much rather introduce non-permanent databases. I.e. databases that we
> are free to delete once we reach a total of X MB of non-permanent storage.
I recall there being discussion about this in the working group; did that ever get anywhere?
(In reply to Taras Glek (:taras) from comment #3)
> I agree, we can provide x megabytes of data without prompting, but allow
> firefox to clean it up. Prompting could make things more permanent.
Deleting user data is dangerous. Having an explicit API for websites to get unprompted temporary space is much better than deciding to delete the data only to have the user go to the site soon after expecting it to be there.
Updated•13 years ago
|
Keywords: sec-review-needed
Updated•13 years ago
|
Whiteboard: [secr:curtisk]
Reporter | ||
Updated•13 years ago
|
Component: DOM → DOM: IndexedDB
To complete secreview please see bug 744526 and answer the necessary questions
Updated•13 years ago
|
Whiteboard: [secr:curtisk] → [secr:curtisk:744526]
Updated•13 years ago
|
Whiteboard: [secr:curtisk:744526] → [sec-assigned:curtisk:744526]
Comment 6•12 years ago
|
||
There has been no movement on this since February; please request a new security review if this feature moves forward.
Status: NEW → UNCONFIRMED
Ever confirmed: false
Keywords: sec-review-needed
Whiteboard: [sec-assigned:curtisk:744526]
Reporter | ||
Updated•11 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•