With AJAX MAssive Storage System (AMASS) a  OCT 20 2005

With AJAX MAssive Storage System (AMASS) a web page can store large amounts of data on a computer using hidden Flash applets. Brilliant hack, but seems like a potential security concern (an AMASS-like app could just fill up a hard drive without prompting, no?). I just looked at this briefly...would this allow one to run something like GMail offline? (I'm thinking not.) (via waxy)

Read more posts on kottke.org about:
Ajax   Flash   Gmail   Javascript   security   web development

There are 8 reader comments

Jordan30 20 2005 2:30PM

By default Flash will only store 100kb for any given Flash movie; if one tries to exceed 100kb, Flash prompts the user to ask if they'll allow it to store more.

jkottke00 20 2005 3:00PM

Ah, ok...it's Flash doing the prompting then, and not AMASS.

Brad Neuberg41 20 2005 3:41PM

I'm the AMASS lead developer; Jordan is right. Flash prompts, which AMASS detects, making an HTML DIV that appears above the HTML content, containing the Flash file so it just contains Flash's "Do you approve or disapprove of this storage?" dialog.

AMASS is one of the necessary pieces for offline use, but it's not enough. I'd like to crack that nut; figure out a way to have offline use in existing browsers.

Mike Nowak52 20 2005 3:52PM

I really don't like seeing Shared Objects used for storing data on a client machine. It's already being abused by advertising types. I'd hate to see it abused by developer types.

The major problem with SOs is that they are much more hidden than cookies so it's harder for the less savvy people to clear them or see how they're being tracked.

Go here to see what's on your system:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Or use this Firefox extension
http://www.yardley.ca/objection/
(I can't vouch for how good it is because I use FlashBlock).

Alexandre22 20 2005 5:22PM

Gmail offline would be awesome. If I could reply to messages without wireless.... well... That would be amazing.

Nels26 21 200510:26AM

Indeed, Mike. I don't let Flash put stuff on my local file system. Ever.

Geoff09 21 200511:09AM

It might be interesting to come up with a system that uses muliple Flash movies, 100kb in each so you avoid the dialog boxes asking for more space. Sort of a Shared Object RAID array or something.

But I guess Shared Objects store data based on the URL of the movie, so it would take a dynamic swf generator so the URLs are unique (or is it based off the domain?).

Anyway, might be a cool thing to look into.

Brad Neuberg00 21 2005 6:00PM

The security of SharedObjects is fine; see a new blog post on AMASS at http://codinginparadise.org/weblog/2005/10/amass-update.html

This thread is closed to new comments. Thanks to everyone who responded.

this is kottke.org

   Front page
   About + contact
   Site archives

You can follow kottke.org on Twitter, Facebook, Tumblr, Feedly, or RSS.

Ad from The Deck

We Work Remotely

 

Enginehosting

Hosting provided EngineHosting