Re: [w3c/IndexedDB] Grant access to other origins (#60)

To address the privacy/security concerns of apps snooping or vandalizing shared storage at will (while avoiding the full complexity of my earlier proposal), a simple implementation beginning could be to forego permitting doorhanger requests for access (which might itself lead to some degree of abuse) and simply require a site to be whitelisted within preferences in order to gain any access to shared storage, optionally requiring access be designated only for a particular database (though ideally with an optionally higher privilege allowing arbitrary access of shared storage databases as well as enumeration of database names on shared storage (on top of #31)). Readonly access support be added later and to avoid interoperability problems, upgrade transactions could be prevented beyond the first version (a site needing to start over with their shared format could bake a version (as well as optional namespacing) into the database name itself and require users to whitelist the new database to do any migration of content, providing interoperability with other sites).

Progressively-minded sites that provided an option to their users for such shared storage would help the user avoid the need to continually export and import their data in order to gain the freedom to choose between multiple sites for reading/altering their data (assuming a site even feels pressure nowadays to allow for this) without any site being a sole gate-keeper of the user's data.

The benefits of full user control (of which apps are allowed to access which data) inherent in the typical desktop file system along with the benefits of the web in expanded choices and live updated software, as well as the absence of the dangers of executable installation would thus be joined together.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/IndexedDB/issues/60#issuecomment-282170761