Client-Side Storage Ashok Malhotra
-
Upload
randolf-taylor -
Category
Documents
-
view
214 -
download
0
Transcript of Client-Side Storage Ashok Malhotra
![Page 2: Client-Side Storage Ashok Malhotra](https://reader035.fdocuments.net/reader035/viewer/2022072014/56649eb15503460f94bb68a0/html5/thumbnails/2.jpg)
Client-Side Storage
• Two Intertwined Threads– Client-Side Storage
• Need to maintain state• Need for cacheing/offline storage • Need to share information among websites
– Privacy Considerations• Client-side information is valuable for tracking behavior and,
thus, encourages thievery• Large amounts of persistent information makes the situation
worse• Other ways of tracking client behavior
04/19/23 2Client-Side Storage
![Page 3: Client-Side Storage Ashok Malhotra](https://reader035.fdocuments.net/reader035/viewer/2022072014/56649eb15503460f94bb68a0/html5/thumbnails/3.jpg)
Cookies
• The Web is stateless• Cookies were invented by Netscape to add state
– Allow, for example, session tracking and personalization– Does personalization (different views of same resource) break
WebArch? i.e. compromise our ability to give URIs to things which can be distributed effectively?
• What are the properties of these two types of systems?• Session cookies and persistent cookies• Third-party cookies• IETF drafts on cookies
04/19/23 3Client-Side Storage
![Page 4: Client-Side Storage Ashok Malhotra](https://reader035.fdocuments.net/reader035/viewer/2022072014/56649eb15503460f94bb68a0/html5/thumbnails/4.jpg)
Privacy Problems
• Cookies contain valuable tracking information and are much coveted by marketeers
• Subject to hijacking• Same Origin Policy is supposed to prevent
against this– Problems with SOP
• Sandboxing and security• Why does encrypting cookies not work?
04/19/23 4Client-Side Storage
![Page 5: Client-Side Storage Ashok Malhotra](https://reader035.fdocuments.net/reader035/viewer/2022072014/56649eb15503460f94bb68a0/html5/thumbnails/5.jpg)
Limitations of Cookies/New Requirements
• Cacheing and offline usage• Access from multiple websites• Management of personal storage -- pruning,
query• Large amounts of storage• Control over what is transmitted with each
request
04/19/23 5Client-Side Storage
![Page 6: Client-Side Storage Ashok Malhotra](https://reader035.fdocuments.net/reader035/viewer/2022072014/56649eb15503460f94bb68a0/html5/thumbnails/6.jpg)
Responses to These Requirements
• CORS and UMP• Other means of making Cross Domain
Requests• Web Storage• Web Indexed DB
04/19/23 6Client-Side Storage
![Page 7: Client-Side Storage Ashok Malhotra](https://reader035.fdocuments.net/reader035/viewer/2022072014/56649eb15503460f94bb68a0/html5/thumbnails/7.jpg)
Privacy Problems
• Persistence and Large Amounts of Storage Exacerbates Privacy Issues
• Evercookie• Private vs. Public Machines• Other means of tracking – Clickjacking, mouse movements …– This discussion forks the thread
04/19/23 7Client-Side Storage