Download - Client-Side Storage Ashok Malhotra
![Page 2: Client-Side Storage Ashok Malhotra](https://reader036.vdocuments.net/reader036/viewer/2022083006/56813ab8550346895da2be01/html5/thumbnails/2.jpg)
Client-Side Storage
• Two Intertwined Threads– Client-Side Storage
• Need to maintain state• Need for cacheing/offline storage • Need to share information among websites
– Privacy Considerations• Client-side information is valuable for tracking behavior and,
thus, encourages thievery• Large amounts of persistent information makes the situation
worse• Other ways of tracking client behavior
04/20/23 2Client-Side Storage
![Page 3: Client-Side Storage Ashok Malhotra](https://reader036.vdocuments.net/reader036/viewer/2022083006/56813ab8550346895da2be01/html5/thumbnails/3.jpg)
Cookies
• The Web is stateless• Cookies were invented by Netscape to add state
– Allow, for example, session tracking and personalization– Does personalization (different views of same resource) break
WebArch? i.e. compromise our ability to give URIs to things which can be distributed effectively?
• What are the properties of these two types of systems?• Session cookies and persistent cookies• Third-party cookies• IETF drafts on cookies
04/20/23 3Client-Side Storage
![Page 4: Client-Side Storage Ashok Malhotra](https://reader036.vdocuments.net/reader036/viewer/2022083006/56813ab8550346895da2be01/html5/thumbnails/4.jpg)
Privacy Problems
• Cookies contain valuable tracking information and are much coveted by marketeers
• Subject to hijacking• Same Origin Policy is supposed to prevent
against this– Problems with SOP
• Sandboxing and security• Why does encrypting cookies not work?
04/20/23 4Client-Side Storage
![Page 5: Client-Side Storage Ashok Malhotra](https://reader036.vdocuments.net/reader036/viewer/2022083006/56813ab8550346895da2be01/html5/thumbnails/5.jpg)
Limitations of Cookies/New Requirements
• Cacheing and offline usage• Access from multiple websites• Management of personal storage -- pruning,
query• Large amounts of storage• Control over what is transmitted with each
request
04/20/23 5Client-Side Storage
![Page 6: Client-Side Storage Ashok Malhotra](https://reader036.vdocuments.net/reader036/viewer/2022083006/56813ab8550346895da2be01/html5/thumbnails/6.jpg)
Responses to These Requirements
• CORS and UMP• Other means of making Cross Domain
Requests• Web Storage• Web Indexed DB
04/20/23 6Client-Side Storage
![Page 7: Client-Side Storage Ashok Malhotra](https://reader036.vdocuments.net/reader036/viewer/2022083006/56813ab8550346895da2be01/html5/thumbnails/7.jpg)
Privacy Problems
• Persistence and Large Amounts of Storage Exacerbates Privacy Issues
• Evercookie• Private vs. Public Machines• Other means of tracking – Clickjacking, mouse movements …– This discussion forks the thread
04/20/23 7Client-Side Storage