kottke.org - home of fine hypertext products

With AJAX MAssive Storage System (AMASS) a web page can store large amounts of data on a computer using hidden Flash applets. Brilliant hack, but seems like a potential security concern (an AMASS-like app could just fill up a hard drive without prompting, no?). I just looked at this briefly...would this allow one to run something like GMail offline? (I'm thinking not.) (via waxy)

Reader Comments
8 comments
Jordan says:

By default Flash will only store 100kb for any given Flash movie; if one tries to exceed 100kb, Flash prompts the user to ask if they'll allow it to store more.

» by Jordan on Oct 20, 2005 at 02:30 PM
jkottke says:

Ah, ok...it's Flash doing the prompting then, and not AMASS.

» by jkottke on Oct 20, 2005 at 03:00 PM
Brad Neuberg says:

I'm the AMASS lead developer; Jordan is right. Flash prompts, which AMASS detects, making an HTML DIV that appears above the HTML content, containing the Flash file so it just contains Flash's "Do you approve or disapprove of this storage?" dialog.

AMASS is one of the necessary pieces for offline use, but it's not enough. I'd like to crack that nut; figure out a way to have offline use in existing browsers.

» by Brad Neuberg on Oct 20, 2005 at 03:41 PM
Mike Nowak says:

I really don't like seeing Shared Objects used for storing data on a client machine. It's already being abused by advertising types. I'd hate to see it abused by developer types.

The major problem with SOs is that they are much more hidden than cookies so it's harder for the less savvy people to clear them or see how they're being tracked.

Go here to see what's on your system:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Or use this Firefox extension
http://www.yardley.ca/objection/
(I can't vouch for how good it is because I use FlashBlock).

» by Mike Nowak on Oct 20, 2005 at 03:52 PM
Alexandre says:

Gmail offline would be awesome. If I could reply to messages without wireless.... well... That would be amazing.

» by Alexandre on Oct 20, 2005 at 05:22 PM
Nels says:

Indeed, Mike. I don't let Flash put stuff on my local file system. Ever.

» by Nels on Oct 21, 2005 at 10:26 AM
Geoff says:

It might be interesting to come up with a system that uses multiple Flash movies, 100kb in each so you avoid the dialog boxes asking for more space. Sort of a Shared Object RAID array or something.

But I guess Shared Objects store data based on the URL of the movie, so it would take a dynamic swf generator so the URLs are unique (or is it based off the domain?).

Anyway, might be a cool thing to look into.

» by Geoff on Oct 21, 2005 at 11:09 AM
Brad Neuberg says:

The security of SharedObjects is fine; see a new blog post on AMASS at http://codinginparadise.org/weblog/2005/10/amass-update.html

» by Brad Neuberg on Oct 21, 2005 at 06:00 PM

 
This thread is closed to new comments. Thanks to everyone who responded.
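
The comments above note that Shared Objects are harder to see and clear than cookies, and that Flash prompts past a 100kb default. The following is an added example, not part of the original post or of AMASS: a small audit that totals `.sol` files per origin domain so a user can see who is storing what. The directory layout (`#SharedObjects/<profile dir>/<domain>/...`), the function names and the sample domains are assumptions made for illustration.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

DEFAULT_QUOTA = 100 * 1024  # the 100kb default mentioned in the thread


def audit_shared_objects(root, quota=DEFAULT_QUOTA):
    """Total .sol files under `root` per origin domain, largest first.

    Assumed layout: <root>/<profile dir>/<domain>/.../<name>.sol
    Returns {domain: {"files": n, "bytes": total, "over_quota": bool}}.
    """
    totals = defaultdict(lambda: {"files": 0, "bytes": 0})
    root = Path(root)
    for sol in root.rglob("*.sol"):
        parts = sol.relative_to(root).parts
        if len(parts) < 3:  # need profile dir, domain dir and a file name
            continue
        domain = parts[1]
        totals[domain]["files"] += 1
        totals[domain]["bytes"] += sol.stat().st_size
    ranked = sorted(totals.items(), key=lambda kv: -kv[1]["bytes"])
    return {d: {**t, "over_quota": t["bytes"] > quota} for d, t in ranked}


def build_sample_tree(base):
    """Constructed sample data: one small store, one spread over four files."""
    root = Path(base) / "#SharedObjects" / "SAMPLE01"
    small = root / "news.example" / "player.swf"
    small.mkdir(parents=True)
    (small / "prefs.sol").write_bytes(b"\0" * 2048)
    for i in range(4):  # each file is under 100kb on its own
        d = root / "ads.example" / f"chunk{i}.swf"
        d.mkdir(parents=True)
        (d / "store.sol").write_bytes(b"\0" * (60 * 1024))
    return root.parent


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_shared_objects(build_sample_tree(tmp))
        for domain, info in report.items():
            flag = "over 100kb" if info["over_quota"] else "ok"
            print(f"{domain:15} {info['files']:3} files "
                  f"{info['bytes']:8} bytes  {flag}")
```

Totalling by domain rather than by file means data split across several small Shared Objects still shows up as one large entry.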

More about this page

This entry was published on October 20, 2005 at 02:13 pm.

Tags for this entry:  gmail  ajax  javascript  webdev  flash  security 

kottke.org is a weblog about the liberal arts 2.0 edited by Jason Kottke since March 1998. You can read about me and kottke.org here. If you've got questions, concerns, or an interesting link for me, send them along. Here's the kottke.org RSS feed.
