- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Mon, 17 Jan 2011 08:16:58 -0500
- To: public-webapps <public-webapps@w3.org>
- Message-ID: <4D34414A.6010600@nokia.com>
Hixie recently mentioned to me the following paper from UC Berkeley that includes some analysis of the Web Storage [webstorage] and HTML5 Web Messaging [webmessaging] specs. The Abstract:

[[
http://www.eecs.berkeley.edu/~sch/w2sp2010ena.pdf

Several new browser primitives have been proposed to meet the demands of application interactivity while enabling security. To investigate whether applications consistently use these primitives safely in practice, we study the real-world usage of two client-side primitives, namely postMessage and HTML5's client-side database storage. We examine new purely client-side communication protocols layered on postMessage (Facebook Connect and Google Friend Connect) and several real-world web applications (including Gmail, Buzz, Maps and others) which use client-side storage abstractions. We find that, in practice, these abstractions are used insecurely, which leads to severe vulnerabilities and can increase the attack surface for web applications in unexpected ways. We conclude the paper by offering insights into why these abstractions can potentially be hard to use safely, and propose the economy of liabilities principle for designing future abstractions. The principle recommends that a good design for a primitive should minimize the liability that the user undertakes to ensure application security.
]]

I mention this in case this article identifies issues the specs should or must address.

-Art Barstow

[webstorage] http://dev.w3.org/html5/webstorage/
[webmessaging] http://dev.w3.org/html5/postmsg/
Received on Monday, 17 January 2011 13:17:29 UTC
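The abstract quoted above reports that postMessage-based protocols were, in practice, used without the receiver reliably checking the sender's origin. The following is an added example, not code from the paper, the specs, or the email: it places the two receiver patterns the "liability" falls on the application to get right (no origin check, and a substring origin check) beside an exact-match, allow-listed receiver, and shows the sender pinning `targetOrigin`. The allow-list, the fake window object and the sample events are constructed for illustration.

```javascript
// Added example (not from the paper, the specs, or the email): an origin-checked
// postMessage receiver next to two common weak forms. The allow-list, the fake
// window and the sample events below are constructed for illustration.

const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // assumed allow-list

// Weak form 1: no origin check at all. Any window holding a reference to
// this one (opener, parent, frame) can deliver a message that gets acted on.
function receiverNoOriginCheck(event) {
  return { accepted: true, payload: event.data };
}

// Weak form 2: substring match on origin. Looks like a check but accepts
// "https://app.example.com.evil.test" as readily as the intended origin.
function receiverSubstringCheck(event) {
  if (typeof event.origin === "string" && event.origin.indexOf("app.example.com") !== -1) {
    return { accepted: true, payload: event.data };
  }
  return { accepted: false, reason: "origin rejected" };
}

// Hardened form: exact match against a fixed allow-list, then a shape check
// on the decoded payload before anything downstream touches it.
function receiverHardened(event, allowedOrigins = ALLOWED_ORIGINS) {
  if (typeof event.origin !== "string" || !allowedOrigins.has(event.origin)) {
    return { accepted: false, reason: "origin not in allow-list" };
  }
  let msg = event.data;
  if (typeof msg === "string") {
    try {
      msg = JSON.parse(msg);
    } catch (_) {
      return { accepted: false, reason: "malformed JSON" };
    }
  }
  if (msg === null || typeof msg !== "object" || typeof msg.type !== "string") {
    return { accepted: false, reason: "unexpected message shape" };
  }
  return { accepted: true, payload: msg };
}

// Sender side: pin targetOrigin so the browser drops the message if the target
// window has meanwhile navigated to another origin. Refuse "*" for anything
// that carries data worth protecting.
function sendPinned(targetWindow, expectedOrigin, message) {
  if (expectedOrigin === "*") {
    throw new Error("refusing wildcard targetOrigin for a sensitive message");
  }
  targetWindow.postMessage(JSON.stringify(message), expectedOrigin);
  return expectedOrigin;
}

// Constructed sample events, shaped like a MessageEvent's {origin, data}.
const SAMPLE_EVENTS = {
  legit:     { origin: "https://app.example.com",           data: '{"type":"token","value":"t1"}' },
  lookalike: { origin: "https://app.example.com.evil.test", data: '{"type":"token","value":"t2"}' },
  badShape:  { origin: "https://app.example.com",           data: '["not","an","object"]' },
};

// Run all three receivers over the samples and report which accepted what.
function evaluateReceivers(events = SAMPLE_EVENTS) {
  const out = {};
  for (const [name, ev] of Object.entries(events)) {
    out[name] = {
      noCheck:   receiverNoOriginCheck(ev).accepted,
      substring: receiverSubstringCheck(ev).accepted,
      hardened:  receiverHardened(ev).accepted,
    };
  }
  return out;
}

console.log(JSON.stringify(evaluateReceivers(), null, 2));
```

In a page, `receiverHardened` is what you would register with `window.addEventListener("message", ...)`, and `sendPinned` wraps the call to `otherWindow.postMessage`; the fake window used in testing only records the arguments. The shape check matters because an allow-listed origin can still be a compromised or buggy page, so the payload is treated as untrusted input even after the origin passes.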