|
version 1.12, 2009/08/17 02:15:20
|
version 1.13, 2009/08/17 23:01:59
|
|
Line 269
|
Line 269
|
| <li><a href="#privacy"><span class="secno">6 </span>Privacy</a> |
<li><a href="#privacy"><span class="secno">6 </span>Privacy</a> |
| <ol> |
<ol> |
| <li><a href="#user-tracking"><span class="secno">6.1 </span>User tracking</a></li> |
<li><a href="#user-tracking"><span class="secno">6.1 </span>User tracking</a></li> |
| <li><a href="#cookie-resurrection"><span class="secno">6.2 </span>Cookie resurrection</a></ol></li> |
<li><a href="#cookie-resurrection"><span class="secno">6.2 </span>Cookie resurrection</a></li> |
| |
<li><a href="#sensitivity-of-data"><span class="secno">6.3 </span>Sensitivity of data</a></ol></li> |
| <li><a href="#security"><span class="secno">7 </span>Security</a> |
<li><a href="#security"><span class="secno">7 </span>Security</a> |
| <ol> |
<ol> |
| <li><a href="#dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</a></li> |
<li><a href="#dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</a></li> |
|
Line 282
|
Line 283
|
| * deleting databases |
* deleting databases |
| * determining how much storage room is left |
* determining how much storage room is left |
| * handling the database getting corrupted |
* handling the database getting corrupted |
| |
|
| XXX should make it clear that UAs should treat data as sensitive and |
|
| should delete it properly when it is deleted |
|
| --><h2 id="introduction"><span class="secno">1 </span>Introduction</h2><p><i>This section is non-normative.</i><p class="XXX">...</p><!-- include an example that does something like the following to show |
--><h2 id="introduction"><span class="secno">1 </span>Introduction</h2><p><i>This section is non-normative.</i><p class="XXX">...</p><!-- include an example that does something like the following to show |
| you should never embed strings straight into the statement, even when you |
you should never embed strings straight into the statement, even when you |
| have a variable and unknowable number of literals coming: |
have a variable and unknowable number of literals coming: |
|
Line 1102 interface <dfn id="sqltransactionsync">S
|
Line 1100 interface <dfn id="sqltransactionsync">S
|
| separately from data in HTTP session cookies, then users are likely |
separately from data in HTTP session cookies, then users are likely |
| to delete data in one and not the other. This would allow sites to |
to delete data in one and not the other. This would allow sites to |
| use the two features as redundant backup for each other, defeating a |
use the two features as redundant backup for each other, defeating a |
| user's attempts to protect his privacy.<h2 id="security"><span class="secno">7 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot |
user's attempts to protect his privacy.<h3 id="sensitivity-of-data"><span class="secno">6.3 </span>Sensitivity of data</h3><p>User agents should treat persistently stored data as potentially |
| |
sensitive; it's quite possible for e-mails, calendar appointments, |
| |
health records, or other confidential documents to be stored in this |
| |
mechanism.<p>To this end, user agents should ensure that when deleting data, |
| |
it is promptly deleted from the underlying storage.<h2 id="security"><span class="secno">7 </span>Security</h2><h3 id="dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</h3><p>Because of the potential for DNS spoofing attacks, one cannot |
| guarantee that a host claiming to be in a certain domain really is |
guarantee that a host claiming to be in a certain domain really is |
| from that domain. To mitigate this, pages can use SSL. Pages using |
from that domain. To mitigate this, pages can use SSL. Pages using |
| SSL can be sure that only pages using SSL that have certificates |
SSL can be sure that only pages using SSL that have certificates |
![[BACK]](/https/dev.w3.org/cvsweb/icons/back.gif){kind=icon}
Return to Overview.html CVS log ![[TXT]](/https/dev.w3.org/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/https/dev.w3.org/cvsweb/icons/dir.gif){kind=icon}
Up to [Public] / html5 / webdatabase