Re: Installing web apps

On 7/2/12 05:31 , Robin Berjon wrote:
> The first problem is that of the security model. A lot of smart people have tried to come up with a lot of different solutions here, often involving signatures, policies, intricate user interfaces, etc. I think that's all massively over-engineered. Once you take into account the fact that the number of applications that actually need this level of privilege is only a tiny fraction of the whole, you realise that you can just give up on privilege policies. These are just regular apps: they have unfettered access — period (within the limits of the underlying platform's permissions system naturally). They ought to be harder (and unusual) to install, and maybe should look different, but that's it. We might want to give them strong CSP protection by default to defend against XSS attacks, but that's a detail.
>
JCD: I strongly disagree with you there, Robin. I do not see why 
"installed apps" should have more access. "Normal apps" and "installed 
apps" should have the same security model, but "installed apps" may have 
permanently remembered security clearances, and that could be the only 
difference.
My proposal is as simplistic as yours, but in the opposite direction. 
You are saying "installed apps" should have all rights, I am saying 
"installed apps" should obey the exact same security as "normal apps".
In your system, it is dangerous to install an app, but it is very 
simple. In mine, there is no danger, but it is a bit more work.
Having a difference between installed apps and normal apps is actually 
counter-productive.
Java tried that for applets, and Java is now gone from the web apps stage.
Best regards
JC

-- 
JC Dufourd
Directeur d'Etudes/Professor
Groupe Multimedia/Multimedia Group
Traitement du Signal et Images/Signal and Image Processing
Telecom ParisTech, 37-39 rue Dareau, 75014 Paris, France
Tel: +33145817733 - Mob: +33677843843 - Fax: +33145817144

Received on Wednesday, 8 February 2012 00:09:34 UTC