WebAPI/Security/indexDB: Difference between revisions
(Created page with "==indexDB API== References: http://www.w3.org/TR/IndexedDB/ Brief purpose of API: Implementation of W3C spec for indexDB General Use Cases: Storage mechanism for apps. Threa...") |
No edit summary |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
== | ==IndexedDB API== | ||
References: | References: | ||
http://www.w3.org/TR/IndexedDB/ | http://www.w3.org/TR/IndexedDB/ | ||
Brief purpose of API: Implementation of W3C spec for | Brief purpose of API: Implementation of W3C spec for IndexedDB | ||
General Use Cases: Storage mechanism for apps. | General Use Cases: Storage mechanism for apps. | ||
Line 34: | Line 34: | ||
__NOTOC__ | __NOTOC__ | ||
[[Category:Web APIs]] | |||
[[Category:Security]] |
Latest revision as of 23:43, 1 October 2014
IndexedDB API
References: http://www.w3.org/TR/IndexedDB/
Brief purpose of API: Implementation of W3C spec for IndexedDB
General Use Cases: Storage mechanism for apps.
Threat severity: Low
Regular web content (unauthenticated)
Use cases for unauthenticated code: Store stuff
Authorization model for normal content: Implicit (quota enforced)
Authorization model for installed content: Implicit (no quota)
Potential mitigations: Besides quota, the user should be able to use consumption controls to monitor app storage usage.
Privileged (approved by app store)
Use cases for privileged code: Same
Authorization model: Implicit
Potential mitigations: Same
Certified (system-critical apps)
Use cases for certified code: Same
Authorization model: Implicit
Potential mitigations: Same