From 2ed86ebb2d9ea6d94ac845524353e8d784a4d45c Mon Sep 17 00:00:00 2001 From: Ian Hickson Date: Tue, 21 Aug 2007 07:37:43 +0000 Subject: [PATCH] [e] (0) Some security notes on the SQL storage APIs. git-svn-id: http://svn.whatwg.org/webapps@1015 340c8d12-0b0e-0410-8428-c7bf67bfef74 --- index | 11 +++++++++++ source | 12 ++++++++++++ 2 files changed, 23 insertions(+) diff --git a/index b/index index c7504e5419c..8c3d289e369 100644 --- a/index +++ b/index @@ -28876,6 +28876,17 @@ interface StorageItem {

4.12.2. Executing SQL statements

+

There are two major missing features here: One: a way to + be secure against DNS spoofing (a database created over an SSL connection + covered by one cert should not be made accessible to content connecting + with another cert or with no cert). Two: there's no session-specific API, + so if you have two windows open at once, you can't interact with the site + doing two separate sessions unless the site goes out of its way to track + sessions itself, detecting when new tabs are opened, etc. sessionStorage[] + handles it, why doesn't this? Also, we need to be more explicit about disk + usage concerns, quota, etc. Some of the security notes from + globalStorage[] should maybe come down here. +

Each origin must have an associated database unique to that origin. An author can interact with the database using the executeSql() diff --git a/source b/source index 98b573f3754..c028f2dcb7f 100644 --- a/source +++ b/source @@ -26386,6 +26386,18 @@ interface StorageItem {

Executing SQL statements

+

There are two major missing features here: One: + a way to be secure against DNS spoofing (a database created over an + SSL connection covered by one cert should not be made accessible to + content connecting with another cert or with no cert). Two: there's + no session-specific API, so if you have two windows open at once, + you can't interact with the site doing two separate sessions unless + the site goes out of its way to track sessions itself, detecting + when new tabs are opened, etc. sessionStorage[] handles it, why + doesn't this? Also, we need to be more explicit about disk usage + concerns, quota, etc. Some of the security notes from + globalStorage[] should maybe come down here.

+

Each origin must have an associated database unique to that origin. An author can interact with the database using the executeSql() method.
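Review bot: In the index hunk, the first missing feature (a database created over an SSL connection under one cert not being accessible to content connecting with another cert or with no cert) sits directly above the unchanged requirement "Each origin must have an associated database unique to that origin", and the note does not say that this requirement is the one that leaves the gap. Consider stating in the note that keying the database on origin alone is what lets a DNS-spoofed connection with a different cert, or none, reach the same database, so a reader of the normative sentence knows it is expected to change.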
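Review bot: In the source hunk, the paragraph opens with "two major missing features" but then carries four separate open items: the cert binding, the lack of a session-specific API, the disk usage and quota concerns introduced by "Also", and the security notes from globalStorage[] that "should maybe come down here". Consider splitting these into separate notes, and rewording "sessionStorage[] handles it, why doesn't this?" as a statement of what is missing, so each item can be resolved and removed on its own without leaving the count in the first sentence wrong.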