hixie: Add a note about it being important that data get deleted promptly. (whatwg r3649)

hixie: Add a note about it being important that data get deleted
promptly. (whatwg r3649)

http://dev.w3.org/cvsweb/html5/webstorage/Overview.html?r1=1.64&r2=1.65&f=h
http://html5.org/tools/web-apps-tracker?from=3648&to=3649

===================================================================
RCS file: /sources/public/html5/webstorage/Overview.html,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -d -r1.64 -r1.65
--- Overview.html 17 Aug 2009 02:15:16 -0000 1.64
+++ Overview.html 17 Aug 2009 23:01:55 -0000 1.65
@@ -265,7 +265,8 @@
  <li><a href="#privacy"><span class="secno">6 </span>Privacy</a>
   <ol>
    <li><a href="#user-tracking"><span class="secno">6.1 </span>User tracking</a></li>
-   <li><a href="#cookie-resurrection"><span class="secno">6.2 </span>Cookie resurrection</a></ol></li>
+   <li><a href="#cookie-resurrection"><span class="secno">6.2 </span>Cookie resurrection</a></li>
+   <li><a href="#sensitivity-of-data"><span class="secno">6.3 </span>Sensitivity of data</a></ol></li>
  <li><a href="#security"><span class="secno">7 </span>Security</a>
   <ol>
    <li><a href="#dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</a></li>
@@ -749,7 +750,11 @@
   separately from data in HTTP session cookies, then users are likely
   to delete data in one and not the other. This would allow sites to
   use the two features as redundant backup for each other, defeating a
-  user's attempts to protect his privacy.<h2 id="security"><span class="secno">7 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot
+  user's attempts to protect his privacy.<h3 id="sensitivity-of-data"><span class="secno">6.3 </span>Sensitivity of data</h3><p>User agents should treat persistently stored data as potentially
+  sensitive; it's quite possible for e-mails, calendar appointments,
+  health records, or other confidential documents to be stored in this
+  mechanism.<p>To this end, user agents should ensure that when deleting data,
+  it is promptly deleted from the underlying storage.<h2 id="security"><span class="secno">7 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot
   guarantee that a host claiming to be in a certain domain really is
   from that domain. To mitigate this, pages can use SSL. Pages using
   SSL can be sure that only pages using SSL that have certificates

Received on Monday, 17 August 2009 23:02:55 UTC