Security/Reviews/Platform/LargeFilesForIndexedDB
- Items to be reviewed
attending: dveditz, bent, janv, Jonas, khuey
Contents
Introduce Feature (5-10 minutes)
We need the ability to store large blobs. The easiest way to do this is by key in an IndexedDB. Storing Files/Blobs in indexedDB is going to be our story for client-side storage of files in general. A couple of simple examples are offline gmail where you'd store attachments in the form of Blobs in indexedDB, and games, where you'd store things like textures and similar things as Blobs in indexedDB.
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
The primary goal is to enable storing of files in indexedDB. We wanted to implement some kind of sharing between files if a file is stored in a database multiple times.
What solutions/approaches were considered other than the proposed solution?
Basically Blob IO and Disk IO Blob IO means to store blobs in a database, for example SQLite and Disk IO means to store blobs as native os files.
Why was this solution chosen?
Blob IO is fast or faster only for small blobs, like 2KB and there are other performance problems with storing big files in a database.
Any security threats already considered in the design and why?=
- cross-origin data mixups addressed by creating separate databases in separate per-origin directories
- permission and quota is per origin (scheme-host-port), and multiple sub-domains will each have to ask for permission
Threat Brainstorming (30-40 minutes)
- space DoS: 4K blocks x 1byte files == way more than 50MB quota
- any worry about exhausting inodes? Depending on quota size 12.5K files vs 50Million.
- multiply by multiple domains in coordinated DoS attack?
- each one will have to ask for permission to use space
- within the profile indexdb directories and files have predictable hashed names, but if someone can read files from the profile we're already in trouble (passwords, sessionstore.js, etc)
Conclusions / Action Items (10-20 minutes)
- [janv] make sure quota counting for files/blobs is rounded up to 4K multiples to roughly account for disk block sizes.
