Re: Web Storage - atomic writes from Ian Hickson on 2015-02-02 (www-archive@w3.org from February 2015)

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 2 Feb 2015 02:58:27 +0000 (UTC)
To: James Calfee <james@jcalfee.info>
cc: www-archive@w3.org
Message-ID: <alpine.DEB.2.00.1502020229320.25983@ps20323.dreamhostps.com>

On Sun, 14 Dec 2014, James Calfee wrote:
>
> Thank you for addressing atomic write and remove in the Web Storage 
> proposal.  I'm curious how one might go about requesting that we close 
> this loop-hole:
> 
> http://www.w3.org/TR/webstorage/#the-storage-interface "This 
> specification does not require that the above methods wait until the 
> data has been physically written to disk"
> 
> Will there be a proposed *commit* method?

The specification doesn't require that the device have a disk, that 
storage be persistent, or really anything else regarding where the data 
goes. So it would be hard to require specific commit behaviour.


> I'm asking because I am a open source programmer for blockchain wallets. 
> These involve valuable assets and there is a large demand to store the 
> private information in local storage.

localStorage, Web Indexed DB, and other storage mechanisms in browsers 
(like cookies) aren't reliable enough for storing valuable data. You 
should assume that browsers run in ephemeral environments that can be 
destroyed without warning. If you have data that needs to be stored 
securely, you should store it in the cloud on a server that's backed up.


> As the proposal stands, I'm thinking I need to recommend a "hack" that 
> the user should restart the browser before sending significant funds to 
> a wallet stored in local storage.  I just want to be completely safe as 
> I don't want the liability of reporting that a private key was saved 
> when it really was not.

Consider this: https://www.youtube.com/watch?v=lm-Vnx58UYo


> I would appreciate feedback on the topic.  It would be better if your 
> feedback were public so I can link to it from my project.

This e-mail should be available at:
   http://lists.w3.org/Archives/Public/www-archive/2015Jan/0005.html

HTH,
-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Monday, 2 February 2015 02:58:52 UTC