[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: eww
From: |
Lars Magne Ingebrigtsen |
Subject: |
Re: eww |
Date: |
Thu, 20 Jun 2013 09:17:06 +0200 |
User-agent: |
Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) |
Stefan Monnier <address@hidden> writes:
> That's for the case where you go the same URL. When I go back in my
> history, I don't just want to see the same web-page, I want to see it in
> the exact state I left it (e.g. with whatever text I had typed into the
> forms, with point at the same place, ...).
> And most importantly, I want to be able to see it even if the network
> connection went down.
>
> So, no, when going back in my history I do *not* want to honor stuff
> like Cache-Control.
That would be my preference, too, but there are security implications.
Like today's story:
http://it.slashdot.org/story/13/06/20/0250206/21-financial-sites-found-to-store-sensitive-data-in-browser-disk-cache
Now, eww won't store things in on disk, but if we're storing all this
stuff in memory indefinitely, we're leaving the users open for various
attacks on their privacy.
Like I said, my preference would be to leave everything in memory
myself, because I think this attack vector is pretty, er, slim (i.e.,
"if this is a problem, then my machine is already hacked, so why
worry?"), but as a default policy, I think it's problematic.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog http://lars.ingebrigtsen.no/
- Re: eww, (continued)
- Re: eww, Johan Bockgård, 2013/06/19
- Re: eww, Stefan Monnier, 2013/06/19
- Re: eww, Ted Zlatanov, 2013/06/18
- Re: eww, Stefan Monnier, 2013/06/18
- Re: eww, Ted Zlatanov, 2013/06/18
- Re: eww, Stefan Monnier, 2013/06/18
- Re: eww, Ted Zlatanov, 2013/06/19
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/19
- Re: eww, Christopher Schmidt, 2013/06/19
- Re: eww, Stefan Monnier, 2013/06/19
- Re: eww,
Lars Magne Ingebrigtsen <=
- Re: eww, Stefan Monnier, 2013/06/20
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/21
- Re: eww, Ted Zlatanov, 2013/06/28
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/25
- Re: eww, Daimrod, 2013/06/26
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/26
- Re: eww, Ted Zlatanov, 2013/06/19
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/19
- Re: eww, Ted Zlatanov, 2013/06/19
- Re: eww, Lars Magne Ingebrigtsen, 2013/06/20