<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Furthermore isn’t it a bit of a conflict if we have multiple versions of Foundation running apps on a server? I would expect that the mutable state of cookies should never be shared across processes not just from a security standpoint but also from a versioning standpoint. </div><div class=""><br class=""></div><div class="">Let have a scenario where there are two web apps running on the same server. They should never share data between them unless specifically allowed to. Service A uses Foundation version A and service B uses version B. Unless service A and B have privileges to communicate they should never use common storage for cookies or preferences. This could allow service A to inappropriately use the stored credentials of service B if they are stored in the same directory. Moreover if the version B of Foundation has some refinement to the storage version of the cookie the file may be incompatible with Foundation A’s reading schema. </div><div class=""><br class=""></div><div class="">In my opinion the directories should be unique to the services running unless they share a system based privilege system that is a common version (e.g. they are allowed to talk to each other and are not sandboxed apart).</div><div class=""><br class=""></div><div class="">Of course some of this could be side-stepped by having the services running as different users. But the versioning issue still occurs and should perhaps be something that we consider.</div><div class=""><br class=""></div><br class=""><div><blockquote type="cite" class=""><div class="">On Nov 14, 2016, at 9:44 AM, Tony Parker via swift-corelibs-dev <<a href="mailto:swift-corelibs-dev@swift.org" class="">swift-corelibs-dev@swift.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Isn’t it a bit odd to use ‘.foundation’ as the name of the directory, when Foundation is just one of the libraries involved? On Darwin, the prefs are organized by application, not by framework.<div class=""><br class=""></div><div class="">- Tony</div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Nov 14, 2016, at 1:43 AM, Pushkar N Kulkarni via swift-corelibs-dev <<a href="mailto:swift-corelibs-dev@swift.org" class="">swift-corelibs-dev@swift.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><font face="Verdana,Arial,Helvetica,sans-serif" size="2" class=""><div class="">Thanks Will! </div><div class=""><br class=""></div><div class=""><font face="Verdana,Arial,Helvetica,sans-serif" size="2" class=""><font class=""><font class=""><div class="socmaildefaultfont" dir="ltr"><div class="socmaildefaultfont" dir="ltr"><div class="socmaildefaultfont" dir="ltr"><div dir="ltr" style="font-style: normal;" class="">"<span style="font-family: 'Courier New', Courier, monospace; font-size: 12px;" class="">NSHomeDirectory() + "/.foundation/Cookies/shared" </span>seems good to me</div><div dir="ltr" style="font-style: normal;" class=""><br class=""><font face="Sans Serif, Verdana, Arial, Helvetica, sans-serif" class="">Pushkar N Kulkarni,</font></div>
<div dir="ltr" style="font-style: normal;" class=""><font face="Sans Serif, Verdana, Arial, Helvetica, sans-serif" class="">IBM Runtimes</font></div><div dir="ltr" style="font-style: normal;" class=""><font face="Sans Serif, Verdana, Arial, Helvetica, sans-serif" class=""><br class=""></font></div><div dir="ltr" class=""><font face="serif, Times New Roman, Times, serif" class=""><i class="">Simplicity is prerequisite for reliability - Edsger W. Dijkstra</i></font></div>
<div dir="ltr" style="font-style: normal; font-size: 10.5pt; font-family: Arial;" class=""><br class=""></div></div></div></div></font></font></font></div><br class=""><br class=""><font face="Default Sans Serif,Verdana,Arial,Helvetica,sans-serif" size="2" class=""><font color="#990099" class="">-----Will Stanton <<a href="mailto:willstanton1@yahoo.com" target="_blank" class="">willstanton1@yahoo.com</a>> wrote: -----</font><div class="iNotesHistory" style="padding-left:5px;"><div style="padding-right:0px;padding-left:5px;border-left:solid black 2px;" class="">To: Pushkar N Kulkarni/India/IBM@IBMIN<br class="">From: Will Stanton <<a href="mailto:willstanton1@yahoo.com" target="_blank" class="">willstanton1@yahoo.com</a>><br class="">Date: 11/08/2016 08:45AM<br class="">Cc: swift-corelibs-dev <<a href="mailto:swift-corelibs-dev@swift.org" target="_blank" class="">swift-corelibs-dev@swift.org</a>><br class="">Subject: Re: [swift-corelibs-dev] Implementing HTTPCookieStorage<br class=""><br class=""><div class=""><font face="Courier New,Courier,monospace" size="3" class="">Was wondering if there could be a common directory for Foundation-related files, such as NSUserDefaults in addition to cookie storage?<br class=""><br class="">So maybe for cookies:<br class="">NSHomeDirectory() + "/.foundation/Cookies/shared"<br class=""><br class="">And settings for an app/service:<br class="">NSHomeDirectory() + "/.foundation/Preferences/EXECUTABLE_NAME.plist"<br class=""><br class=""><br class="">And I’m not familiar with how Apple Foundation/CFNetwork/nsurlsessiond handles cookies… or caches things, but I think I agree with Kenny that naming symmetry would be nice if there is a per-user cookies file.<br class=""><br class="">So having a /Library may be nicer, but potentially unnecessary?<br class="">NSHomeDirectory() + "/.foundation/Library/Cookies/Cookies.something"<br class=""><br class="">Regards,<br class="">Will Stanton<br class=""><br class="">> On Nov 7, 2016, at 5:45 PM, Tony Parker via swift-corelibs-dev <<a href="mailto:swift-corelibs-dev@swift.org" target="_blank" class="">swift-corelibs-dev@swift.org</a>> wrote:<br class="">> <br class="">> Hi Pushkar,<br class="">> <br class="">> Good question. If this were Darwin I guess I would say ~/Library/Application Support — but I don’t know what the best practices are on other platforms. Does anyone out there have some suggestions?<br class=""><br class=""></font></div></div></div></font></font><br class="">
_______________________________________________<br class="">swift-corelibs-dev mailing list<br class=""><a href="mailto:swift-corelibs-dev@swift.org" class="">swift-corelibs-dev@swift.org</a><br class=""><a href="https://lists.swift.org/mailman/listinfo/swift-corelibs-dev" class="">https://lists.swift.org/mailman/listinfo/swift-corelibs-dev</a><br class=""></div></blockquote></div><br class=""></div></div>_______________________________________________<br class="">swift-corelibs-dev mailing list<br class=""><a href="mailto:swift-corelibs-dev@swift.org" class="">swift-corelibs-dev@swift.org</a><br class="">https://lists.swift.org/mailman/listinfo/swift-corelibs-dev<br class=""></div></blockquote></div><br class=""></body></html>