- From: abflow <notifications@github.com>
- Date: Wed, 31 Mar 2021 07:46:46 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/issues/967/811125678@github.com>
Allow @Nuckijfuta, how are you ? Presently, web browsers forbid developers to build secure applications for users, in proposing PWAs, which are insecure by default (totally open to the internet and to the hosting server). Other persons do not even want to distinguish between websites and applications, letting the developers with the only option to build a website with cloud functionality as the only means of creating an "application". That is not acceptable. Security should not be based on the trust onto a foreign web server or onto the transport protocol between the user computer and the foreign server, but on the warranty that by default, user's privacy and security is truly met locally before anything else happens. Therefore, by default, the application shell should be totally sandboxed, thus the need for exposing permissions to users, and ahead of time if possible. It is important because according to the permissions that are required, different software scenarios are possible, a bit like [Tauri patterns](https://tauri.studio/en/docs/usage/patterns/about-patterns/): hermit, bridge, cloudish, cloudbridge, lockdown, etc. Many kind of software scenarios can be built on the basis of fine-grained user-granted permissions. However, presently, developers are forced to use only one scenario: "web-cloudish", which is not secure at all, even less than the [cloudish ](https://tauri.studio/en/docs/usage/patterns/cloudish)one which uses localhost. What are your thoughts about it ? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/967#issuecomment-811125678
Received on Wednesday, 31 March 2021 14:46:58 UTC