Symbols, Protocols, Frames, and Versioning
brendan at mozilla.org
Wed Oct 3 17:06:10 PDT 2012
David Bruant wrote:
> Unforgeability can be given up, but you end up with global namespaces.
> new Symbol("21fef4ae-1439-4b6a-b412-3585906b35f1"); or
This is no better than dunder-iterator (I mean '__iterator__', I just
like typing dunder- ;-), or just 'iterator' (what Firefox uses currently).
> I've faced an equivalent problem recently, so I wish to take this
> occasion to share an idea on how to fix the awful security policy of
> local storage.
> An alternative design would be that instead of defaulting to Same-Origin
> Policy, we'd say that storages are only available initially to those who
> create it and who the creator shared it with.
Ocap, yay! [sincere here]
> var s = new Storage();
> s.secret; // serializable identifier
> // send the identifier to anywho is trusted like another frame or a
> // in another frame/tab/window (of the same browser obviously)
> var s = Storage.get(secret);
> // same storage regardless of the origin
> Trust domain is no longer "Same-Origin" but rather "whoever knows the
> secret id *regardless* of the origin". The secret can even be hidden
> from same-origin pages. Useful when webservers host content from
> different people; at my school, people had
> http://www.enseirb-matmeca.fr/~bruant addresses. Creating one page, I
> could have stolen the local storage of my school domain anytime.
Yes, old prob with same-origin. Remember jwz.livejournal.com? The fix
costs in subdomains.
BTW I am speaking on "The Same-Origin Saga" at AppSecUSA 2012 in Austin
on the 26th:
I'll have a look at your Extorage thing when able, thanks for the link.
> makes the feature basically unusable for such cases.
> It's the global identifier pattern. Local storage secrets need to be
> transferred from server to client to recover the storage securely. Of
> course, the secret needs to be sent over HTTPS :-)
> The private symbol has been replaced by a storage instance, but it's the
> same problem, I think.
> For that matter, I've started a prototype implementation. I have all
> ideas straight, but the prototype isn't functional yet. I need to hack
> on DNS (which I know nothing about); if anyone is interested in helping
> on that, I'll be happy for the help.
>  https://github.com/DavidBruant/Extorage/tree/draft
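Added example, not part of either poster's message and not code from the Extorage prototype: a small Node.js model contrasting storage keyed by origin with the quoted "whoever knows the secret id" design. `CapStorage`, `sameOriginStorage`, `demo`, the `~someone-else` page and the 256-bit hex secret are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Same-origin model: one area per scheme://host:port; the path plays no part.
const originAreas = new Map();
function sameOriginStorage(pageUrl) {
  const origin = new URL(pageUrl).origin;
  if (!originAreas.has(origin)) originAreas.set(origin, new Map());
  return originAreas.get(origin);
}

// Capability model (hypothetical CapStorage, after the post's `new Storage()` /
// `Storage.get(secret)` sketch): an area is reachable only via its secret.
const capAreas = new Map();
class CapStorage {
  constructor() {
    // Assumption: 256 random bits as the serializable, unguessable identifier.
    this.secret = nodeCrypto.randomBytes(32).toString('hex');
    this.data = new Map();
    capAreas.set(this.secret, this.data);
  }
  static get(secret) {
    const data = capAreas.get(secret);
    if (data === undefined) throw new Error('no storage for that secret');
    const handle = Object.create(CapStorage.prototype);
    handle.secret = secret;
    handle.data = data;
    return handle;
  }
}

function demo() {
  // Constructed pages: two users sharing one host, as in the school example.
  const owner = 'http://www.enseirb-matmeca.fr/~bruant/app.html';
  const neighbour = 'http://www.enseirb-matmeca.fr/~someone-else/page.html';

  sameOriginStorage(owner).set('token', 'abc');
  const leaked = sameOriginStorage(neighbour).get('token'); // same origin, so readable

  const s = new CapStorage();
  s.data.set('token', 'abc');
  let neighbourBlocked = false;
  try { CapStorage.get('guess-made-by-neighbour'); } catch (e) { neighbourBlocked = true; }
  // A frame on any other origin that was handed s.secret reaches the same area.
  const shared = CapStorage.get(s.secret).data.get('token');
  return { leaked, neighbourBlocked, shared };
}

console.log(demo());
```

The secret here is a bearer token: anything that can read it gets the storage, which is why the quoted text wants it sent only over HTTPS.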