[whatwg] origin+path namespacing and security

[branching off from discussion on "SharedWorkers and 
the name parameter"]

Ian Hickson wrote:
> On Sun, 16 Aug 2009, Mike Wilson wrote:
> > Drew Wilson wrote:
> > > [...] the SharedWorker name becomes 
> > > essentially a shared global namespace across all 
> > > pages in a single origin. This causes problems 
> > > when you have multiple pages under the same domain 
> > > (à la geocities.com) - the pages all need to 
> > > coordinate in their use of "name".
> > 
> > I agree with you that this is a problem, and the 
> > same problem exists in WebStorage (storage areas are 
> > set up per origin). For example, the sites 
> > http://www.google.com/calendar and 
> > http://www.google.com/reader, and every other site 
> > based off www.google.com will compete for the same 
> > keys in one big shared storage area.
> > 
> > It seems lately everything is being based on having 
> > unique host names, and path is not being considered 
> > anymore, which I think it should.
> 
> The reason it's not is that it would mislead people 
> into thinking that you could do things safely based 
> just on the path, which you can't. A script could 
> trivially poke into another path's databases or cookies, 
> e.g.

I see what you mean. The ideal thing would be if we 
could implement path-based security with the same 
construct that adds path-based namespacing.

I realize the problem of backwards-compat, but have 
there been any efforts or definitive conclusions made
in this area?

Best regards
Mike

Received on Friday, 28 August 2009 00:25:25 UTC
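An added illustration of the point made in this thread (not code from the thread or from any of its participants): prefixing keys by path gives two apps on one origin a namespace, but it gives no isolation, because any same-origin script can still read or enumerate every key. The `localStorageLike` stand-in and the `pathScopedStorage` helper are hypothetical constructs so the snippet runs under Node without a browser.

```javascript
// Constructed stand-in for window.localStorage (a single per-origin store),
// so this example runs outside a browser. Real localStorage has the same API.
const backing = new Map();
const localStorageLike = {
  getItem: (k) => (backing.has(k) ? backing.get(k) : null),
  setItem: (k, v) => { backing.set(k, String(v)); },
  removeItem: (k) => { backing.delete(k); },
  key: (i) => Array.from(backing.keys())[i] ?? null,
  get length() { return backing.size; },
};

// Hypothetical helper: namespace keys by the app's path so /calendar and
// /reader on the same origin do not overwrite each other's "lastView".
function pathScopedStorage(store, pathPrefix) {
  const prefix = pathPrefix.replace(/\/+$/, '') + ':';
  return {
    set: (k, v) => store.setItem(prefix + k, v),
    get: (k) => store.getItem(prefix + k),
  };
}

// What the namespace does NOT prevent: every script on the origin, whatever
// its path, can walk the whole store. The prefix is a convention, not a wall.
function allKeys(store) {
  const out = [];
  for (let i = 0; i < store.length; i++) out.push(store.key(i));
  return out;
}

function demo() {
  const calendar = pathScopedStorage(localStorageLike, '/calendar');
  const reader = pathScopedStorage(localStorageLike, '/reader');
  calendar.set('lastView', 'week');
  reader.set('lastView', 'unread');
  return {
    // Namespacing works: the two apps no longer collide on "lastView".
    calendarView: calendar.get('lastView'),
    readerView: reader.get('lastView'),
    // Isolation does not: a /reader script reads /calendar's value directly,
    // and can list every key in the origin's store.
    calendarSeenFromReader: localStorageLike.getItem('/calendar:lastView'),
    visibleToAnyScript: allKeys(localStorageLike),
  };
}
```

The practical consequence for a defender is the one Ian states: anything that must be protected from another app on the same host cannot rely on a path prefix; it needs a separate origin.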