posted by Jason Kottke   Oct 20, 2005

With AJAX MAssive Storage System (AMASS) a web page can store large amounts of data on a computer using hidden Flash applets. Brilliant hack, but seems like a potential security concern (an AMASS-like app could just fill up a hard drive without prompting, no?). I just looked at this briefly…would this allow one to run something like GMail offline? (I’m thinking not.) (via waxy)

Reader comments

Jordan   Oct 20, 2005 at 2:30PM

By default Flash will only store 100kb for any given Flash movie; if one tries to exceed 100kb, Flash prompts the user to ask if they’ll allow it to store more.

jkottke   Oct 20, 2005 at 3:00PM

Ah, ok…it’s Flash doing the prompting then, and not AMASS.

Brad Neuberg   Oct 20, 2005 at 3:41PM

I’m the AMASS lead developer; Jordan is right. Flash prompts, which AMASS detects, making an HTML DIV that appears above the HTML content, containing the Flash file so it just contains Flash’s “Do you approve or disapprove of this storage?” dialog.

AMASS is one of the necessary pieces for offline use, but it’s not enough. I’d like to crack that nut; figure out a way to have offline use in existing browsers.

Mike Nowak   Oct 20, 2005 at 3:52PM

I really don’t like seeing Shared Objects used for storing data on a client machine. It’s already being abused by advertising types. I’d hate to see it abused by developer types.

The major problem with SOs is that they are much more hidden than cookies so it’s harder for the less savvy people to clear them or see how they’re being tracked.

Go here to see what’s on your system:

Or use this Firefox extension
(I can’t vouch for how good it is because I use FlashBlock).

Alexandre   Oct 20, 2005 at 5:22PM

Gmail offline would be awesome. If I could reply to messages without wireless…. well… That would be amazing.

Nels   Oct 21, 2005 at 10:26AM

Indeed, Mike. I don’t let Flash put stuff on my local file system. Ever.

Geoff   Oct 21, 2005 at 11:09AM

It might be interesting to come up with a system that uses multiple Flash movies, 100kb in each so you avoid the dialog boxes asking for more space. Sort of a Shared Object RAID array or something.

But I guess Shared Objects store data based on the URL of the movie, so it would take a dynamic swf generator so the URLs are unique (or is it based off the domain?).

Anyway, might be a cool thing to look into.

Brad Neuberg   Oct 21, 2005 at 6:00PM

The security of SharedObjects is fine; see a new blog post on AMASS at http://codinginparadise.org/weblog/2005/10/amass-update.html

