Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make "site storage quota" less susceptible to side-channel attacks #70

Open
annevk opened this issue May 20, 2019 · 1 comment
Open

Make "site storage quota" less susceptible to side-channel attacks #70

annevk opened this issue May 20, 2019 · 1 comment
Labels
security/privacy There are security or privacy implications

Comments

@annevk
Copy link
Member

annevk commented May 20, 2019
edited
Loading

It's (somewhat encouraged to be) a global limit and as @tomvangoethem has pointed out, this can lead to cross-origin leaks (XSLeaks).

This relates to #31, but that focuses more on "site storage usage".

cc @whatwg/security

(Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1552848.)
@annevk annevk added the security/privacy There are security or privacy implications label May 20, 2019
@asutherland asutherland mentioned this issue May 20, 2019
Open
@annevk
Copy link
Member Author

annevk commented May 21, 2019

(I removed a suggested approach from OP as it would only address fingerprinting. I recommend reading the Firefox bug for now for more considered approaches.)

@annevk annevk mentioned this issue Jun 15, 2020
Closed
3 tasks
annevk added a commit that referenced this issue Jul 6, 2020
@annevk
Make it clear that quota is not supposed to be a function of availabl…
fb25e93 
…e space

Also make it clear usage and quota for storage shelves are ultimately implementation-defined.

Helps with #95 and #70.

Closes #106.
@annevk annevk mentioned this issue Jul 6, 2020
Merged
annevk added a commit that referenced this issue Jul 6, 2020
@annevk
Quota is not supposed to be a function of available space
8ac1635 
Also make it clear usage and quota for storage shelves are ultimately implementation-defined.

Helps with #95 and #70.

Closes #106.
annevk added a commit that referenced this issue Jul 8, 2020
@annevk
Quota is not supposed to be a function of available space
9c83296 
Also make it clear usage and quota for storage shelves are ultimately implementation-defined.

Helps with #95 and #70.

Closes #106.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security/privacy There are security or privacy implications
Milestone
No milestone
Development

No branches or pull requests
1 participant
@annevk