WebAPI/Security/indexDB: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Created page with "==indexDB API== References: http://www.w3.org/TR/IndexedDB/ Brief purpose of API: Implementation of W3C spec for indexDB General Use Cases: Storage mechanism for apps. Threa...")
 
No edit summary
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
==indexDB API==
==IndexedDB API==


References:
References:
http://www.w3.org/TR/IndexedDB/
http://www.w3.org/TR/IndexedDB/


Brief purpose of API: Implementation of W3C spec for indexDB
Brief purpose of API: Implementation of W3C spec for IndexedDB


General Use Cases: Storage mechanism for apps.
General Use Cases: Storage mechanism for apps.
Line 34: Line 34:


__NOTOC__
__NOTOC__
[[Category:Web APIs]]
[[Category:Security]]

Latest revision as of 23:43, 1 October 2014

IndexedDB API

References: http://www.w3.org/TR/IndexedDB/

Brief purpose of API: Implementation of W3C spec for IndexedDB

General Use Cases: Storage mechanism for apps.

Threat severity: Low

Regular web content (unauthenticated)

Use cases for unauthenticated code: Store stuff

Authorization model for normal content: Implicit (quota enforced)

Authorization model for installed content: Implicit (no quota)

Potential mitigations: Besides quota, user should be able to use consumption controls to monitor app storage usage.

Privileged (approved by app store)

Use cases for privileged code: Same

Authorization model: Implicit

Potential mitigations: Same

Certified (system-critical apps)

Use cases for certified code: Same

Authorization model: Implicit

Potential mitigations: Same