WWDC Keynote: HTML5 wide open for On-Rev & revServer
alex at tweedly.net
Sat Jun 12 20:07:02 EDT 2010
I guess I'm missing something here .....
It seems that if I write a Rodeo app and it uses HTML5 local storage,
then there is a security issue because other Rodeo apps on the same
server might be able to access the user's data when stored locally on
But today I generally write desktop apps. The user's data is stored on
(usually) his local disk. And any other desktop app he chooses to
install can access that data. What's so different?
On 08/06/2010 18:10, Mike Bonner wrote:
> Actually, I believe the following (from the provided link) is what is
> being referred to:
> 7.2 Cross-directory attacks
> Different authors sharing one host name, for example users hosting
> content on geocities.com, all share one local storage object. There is
> no feature to restrict the access by pathname. Authors on shared hosts
> are therefore recommended to avoid using these features, as it would
> be trivial for other authors to read the data and overwrite it.
> Even if a path-restriction feature was made available, the usual DOM
> scripting security model would make it trivial to bypass this
> protection and access the data from any path.
> On Tue, Jun 8, 2010 at 10:36 AM, Jerry Daniels <jerry.daniels at me.com> wrote:
>> Not so. No.
>> Each developer has own space. If developer INVITES someone in...as a
>> teammate, then they share.
>> Vampire rules. Need an invite to join another developer.
>> Jerry Daniels
>> Follow the Rodeo discussion:
>> On Jun 8, 2010, at 11:19 AM, Robert Mann wrote:
>>> For Rodéo apps, if each user shares a space on a common shared server,
>>> all the local data of user X is accessible to all different rodeo apps,
>>> as far as I understood. Not reassuring!
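The origin-only scoping described in the quoted section 7.2, as an added example that is not part of the original thread: a small JavaScript model of per-origin storage, plus a check that lists which deployed apps end up sharing one storage area. The host names, app paths and helper names (storageOrigin, StorageModel, sharedStorageGroups) are constructed for illustration.

```javascript
// Model of how browsers key localStorage: by origin (scheme, host, port).
// The URL path plays no part, which is the point of the quoted section 7.2.
// All host names and app paths below are constructed sample values.

// Storage key a browser uses for a page URL: its origin only.
function storageOrigin(pageUrl) {
  return new URL(pageUrl).origin; // default ports are omitted by URL
}

// Minimal stand-in for the browser's per-origin storage areas.
class StorageModel {
  constructor() { this.areas = new Map(); }
  areaFor(pageUrl) {
    const origin = storageOrigin(pageUrl);
    if (!this.areas.has(origin)) this.areas.set(origin, new Map());
    return this.areas.get(origin);
  }
  setItem(pageUrl, key, value) { this.areaFor(pageUrl).set(key, String(value)); }
  getItem(pageUrl, key) {
    const v = this.areaFor(pageUrl).get(key);
    return v === undefined ? null : v;
  }
}

// Audit helper: group deployed app URLs by origin and return only the
// origins hosting more than one app, i.e. apps that share one storage area.
function sharedStorageGroups(appUrls) {
  const groups = new Map();
  for (const url of appUrls) {
    const origin = storageOrigin(url);
    if (!groups.has(origin)) groups.set(origin, []);
    groups.get(origin).push(url);
  }
  return new Map([...groups].filter(([, urls]) => urls.length > 1));
}

// Constructed deployment: two authors under paths on one host, and the
// same two authors given a host name each.
const pathHosted = ["http://shared.example/alice/app.html",
                    "http://shared.example/bob/app.html"];
const subdomainHosted = ["http://alice.shared.example/app.html",
                         "http://bob.shared.example/app.html"];

const model = new StorageModel();
model.setItem(pathHosted[0], "notes", "alice data");
console.log(model.getItem(pathHosted[1], "notes"));      // same origin
model.setItem(subdomainHosted[0], "notes", "alice data");
console.log(model.getItem(subdomainHosted[1], "notes")); // different origin
console.log([...sharedStorageGroups([...pathHosted, ...subdomainHosted]).keys()]);
```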