1 / 7

Client-Side Storage Ashok Malhotra <ashok.malhotra@oracle

Client-Side Storage Ashok Malhotra <ashok.malhotra@oracle.com. Client-Side Storage. Two Intertwined Threads Client-Side Storage Need to maintain state Need for cacheing/offline storage Need to share information among websites Privacy Considerations

trent
Download Presentation

Client-Side Storage Ashok Malhotra <ashok.malhotra@oracle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Client-Side Storage Ashok Malhotra <ashok.malhotra@oracle.com Client-Side Storage

  2. Client-Side Storage • Two Intertwined Threads • Client-Side Storage • Need to maintain state • Need for cacheing/offline storage • Need to share information among websites • Privacy Considerations • Client-side information is valuable for tracking behavior and, thus, encourages thievery • Large amounts of persistent information makes the situation worse • Other ways of tracking client behavior Client-Side Storage

  3. Cookies • The Web is stateless • Cookies were invented by Netscape to add state • Allow, for example, session tracking and personalization • Does personalization (different views of same resource) break WebArch? i.e. compromise our ability to give URIs to things which can be distributed effectively? • What are the properties of these two types of systems? • Session cookies and persistent cookies • Third-party cookies • IETF drafts on cookies Client-Side Storage

  4. Privacy Problems • Cookies contain valuable tracking information and are much coveted by marketeers • Subject to hijacking • Same Origin Policy is supposed to prevent against this • Problems with SOP • Sandboxing and security • Why does encrypting cookies not work? Client-Side Storage

  5. Limitations of Cookies/New Requirements • Cacheing and offline usage • Access from multiple websites • Management of personal storage -- pruning, query • Large amounts of storage • Control over what is transmitted with each request Client-Side Storage

  6. Responses to These Requirements • CORS and UMP • Other means of making Cross Domain Requests • Web Storage • Web Indexed DB Client-Side Storage

  7. Privacy Problems • Persistence and Large Amounts of Storage Exacerbates Privacy Issues • Evercookie • Private vs. Public Machines • Other means of tracking • Clickjacking, mouse movements … • This discussion forks the thread Client-Side Storage

More Related