RE: story: capabilities in action Tyler Close (tjclose@yahoo.com)
Mon, 6 Mar 2000 16:39:20 -0500

> Building capabilities into URLs (aka bookmarkable sessions) is a bad
> idea, as it allows for data theft through a variety of JavaScript hacks
> that access the "about:cache" page.

Two points.

  1. Both Netscape and Explorer do not save pages delivered by HTTPS in the history cache. They are saved in the "in-memory" cache; however, this "in-memory" cache is cleared as soon as you close your browser window. This is an easy thing to test out for yourself.
  2. Droplets (my capability URL environment) does not rely on the protection provided by the browser for HTTPS URLs. All capability URLs are exported from a particular context. When you first enter a Droplet application, a new context is created and associated with your current HTTP session. When your HTTP session dies, or you kill it by logging out of the application, the associated context is destroyed. This means that all capability URLs exported from that context are no longer valid. So even if your hypothetical JavaScript code could find the HTTPS URLs, which it can't, they'd be useless.

I created this extra layer of protection to provide protection against attacks targeted at the physical machine. It is possible that HTTPS URLs could get saved to a swap file by the virtual memory manager. If someone stole your physical computer from you, they might be able to retrieve these URLs from the swap file. Making the caps transient prevents this attack.

Tyler Close, Founder Waterken Inc.
tyler@waterken.com
A35E 0621 44AD B616 DE29 F8DF 7B4C E859 71AB 47C5
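
The context lifetime rule described in point 2 can be sketched as follows. This is an added example, not part of the original message and not Droplets code; the class, method names, URL layout and the `app.example` origin are all hypothetical.

```python
import secrets

BASE = "https://app.example/cap/"   # placeholder origin, assumed to be HTTPS

class CapabilityServer:
    def __init__(self):
        self.contexts = {}      # context id -> {token: server-side object}
        self.session_ctx = {}   # HTTP session id -> context id

    def enter(self, session_id):
        """First request of a session: create the context tied to it."""
        ctx_id = secrets.token_urlsafe(16)
        self.contexts[ctx_id] = {}
        self.session_ctx[session_id] = ctx_id
        return ctx_id

    def export(self, session_id, obj):
        """Mint an unguessable URL naming obj inside the session's context."""
        ctx_id = self.session_ctx[session_id]
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.contexts[ctx_id][token] = obj
        return f"{BASE}{ctx_id}/{token}"

    def resolve(self, url):
        """Return the object a URL designates, or None if it is not valid."""
        if not url.startswith(BASE):
            return None
        ctx_id, _, token = url[len(BASE):].partition("/")
        return self.contexts.get(ctx_id, {}).get(token)

    def end_session(self, session_id):
        """Logout or session expiry: destroy the context and every cap in it."""
        ctx_id = self.session_ctx.pop(session_id, None)
        self.contexts.pop(ctx_id, None)

def demo():
    # Constructed sessions and objects, for illustration only.
    srv = CapabilityServer()
    srv.enter("alice-session")
    srv.enter("bob-session")
    a = srv.export("alice-session", "alice/inbox")
    b = srv.export("bob-session", "bob/inbox")
    live = srv.resolve(a)
    srv.end_session("alice-session")
    # A copy of `a` recovered later (swap file, cache) no longer resolves,
    # while capabilities from other live contexts are unaffected.
    return live, srv.resolve(a), srv.resolve(b)

if __name__ == "__main__":
    print(demo())
```
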


