WebAPI/Security/indexDB

From MozillaWiki

IndexedDB API

References: http://www.w3.org/TR/IndexedDB/

Brief purpose of API: Implementation of W3C spec for IndexedDB

General Use Cases: Storage mechanism for apps.

Threat severity: Low

Regular web content (unauthenticated)

Use cases for unauthenticated code: Store stuff

Authorization model for normal content: Implicit (quota enforced)

Authorization model for installed content: Implicit (no quota)

Potential mitigations: Besides the quota, the user should be able to use consumption controls to monitor app storage usage.
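
The quota enforcement and storage monitoring noted above, seen from the app side, as an added example that is not part of the original wiki page or Mozilla's code. It assumes the standard `navigator.storage.estimate()` API, which the page does not mention, and all function names are hypothetical.

```javascript
// Added example: quota-aware IndexedDB write plus a storage usage report.
// Assumption: the StorageManager API (navigator.storage.estimate()) is available.
// usageReport, putRecord and storeWithReport are hypothetical names.

// Turn a StorageManager estimate ({usage, quota}, in bytes) into a report
// that a consumption-control UI could show to the user.
function usageReport(estimate, warnRatio = 0.8) {
  const usage = estimate.usage || 0;
  const quota = estimate.quota || 0;
  // No quota reported: there is nothing to compare the usage against.
  if (quota === 0) return { usage, quota, ratio: null, level: "unknown" };
  const ratio = usage / quota;
  const level = ratio >= 1 ? "full" : ratio >= warnRatio ? "warn" : "ok";
  return { usage, quota, ratio, level };
}

// Write one record; report quota exhaustion as a result instead of an exception.
// `db` is an open IDBDatabase and `storeName` an existing object store.
function putRecord(db, storeName, value, key) {
  return new Promise((resolve, reject) => {
    let tx;
    try {
      tx = db.transaction(storeName, "readwrite");
      tx.objectStore(storeName).put(value, key);
    } catch (err) {
      reject(err);
      return;
    }
    tx.oncomplete = () => resolve({ stored: true });
    // A quota failure surfaces when the transaction aborts.
    tx.onabort = () => {
      const err = tx.error;
      if (err && err.name === "QuotaExceededError") {
        resolve({ stored: false, reason: "quota" });
      } else {
        reject(err || new Error("transaction aborted"));
      }
    };
  });
}

// Check usage first, attempt the write, then return a fresh usage report.
async function storeWithReport(db, storeName, value, key, storage = navigator.storage) {
  const before = usageReport(await storage.estimate());
  if (before.level === "full") return { stored: false, reason: "quota", report: before };
  const result = await putRecord(db, storeName, value, key);
  return { ...result, report: usageReport(await storage.estimate()) };
}
```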

Privileged (approved by app store)

Use cases for privileged code: Same

Authorization model: Implicit

Potential mitigations: Same

Certified (system-critical apps)

Use cases for certified code: Same

Authorization model: Implicit

Potential mitigations: Same