- From: Brian Kardell <bkardell@gmail.com>
- Date: Tue, 18 Sep 2012 05:01:23 -0700
- To: Ian Hickson <ian@hixie.ch>
- Cc: whatwg@whatwg.org
On Sep 17, 2012 8:22 PM, "Ian Hickson" <ian@hixie.ch> wrote: > > On Mon, 17 Sep 2012, Brian Kardell wrote: > > > > Ian, you hit the nail on the head with the text section that raised the > > issue but I still am not entirely sure that I understand... Doesn't this > > imply that in a case like *.wordpress.com would have a (suggested) limit > > of 5mb combined for all of its tons and tons of subdomains (at least > > without additional/constant prompting)? > > It wouldn't be "constant" prompting, but yes, the spec does suggest that > if you visit a dozen WordPress-hosted blogs and they all try to load a > bunch of content onto your machine, you should probably have to give > consent or at least be aware of what's going on. > I think I may be starting to fill in my mental gap here, thanks for your patience. I think you are saying that each subdomain does get a seperate area, but the spec encourages prompt or at least informative communication to the user to prevent at least obvious misuse and runaway scenarios. Specifically what degree to which they do that are left up to implementations...is that correct? > > There are a whole lot of what I would call "common" examples like where > > it seems (to me anyway) unintuitive given the regularity with which this > > kind of case would happen to think that that is what is actually > > proposed. > > What's the alternative? Allowing any site to overload your machine with > infinite amounts of content isn't really a viable solution. > Blindly, sure, that could be a problem. If a user can grant permission for more to a particular domain explicitly, that is mostly mitigated I think. If I understand, that is the idea with the subdomains limitations. I will have to do some more searching to find the conversations I might have missed as I expect this was all discussed a while back and in following so many lists I am just missing a few key points. > > I can understand blocking access to that data pretty easily, but with > > postMessage, being in the same top-level domain doesn't even matter so > > it seems that one could just as easily "subvert the limit" that way. > > The difference is that getting a new domain costs money, whereas getting a > subdomain does not. So the cost of attacking someone with subdomains is > much lower than with domains. > > > > I think it isn't really implemented that way anywhere though, is it? > > That is, do browsers really share the limit across subdomains like > > that... > > If they do not, they are likely vulnerable to this kind of griefing. It would be great if some ms, moz, opera and webkit variant folks could chime in with any helpful implementaion details so we could understand the emerging rationales about how this is being managed effectively, it might even flesh out additional notes that could be added to the doc. In the very least it would be in the archives for future searches. > -- > Ian Hickson U+1047E )\._.,--....,'``. fL > http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. > Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 18 September 2012 12:02:01 UTC