- From: Angelo Borsotti <angelo.borsotti@gmail.com>
- Date: Sat, 15 Sep 2012 14:01:29 +0200
- To: public-webapps@w3.org
- Message-ID: <CAB9Jk9CfYZFQ-4tVoLnZcU0nzqY5xofAYn+eW-V5vUf9S1zwng@mail.gmail.com>
Hello,

restricting the access made by a web app to a sandboxed filesystem is a severe restriction. I understand that this is done to preserve security, but the result falls short of the mark.

Web apps that cannot access the local filesystem are meant to access mainly the data that are stored in some computer in the network (albeit they can somehow save them in some sandboxed storage so as to let the user work offline).

Now, consider sensitive data, like, e.g., my bank accounts, what shares I own, my medical data, etc. Storing them in my computer is a lot more secure than storing them in some other in the network. It has some drawbacks, like, e.g., that I cannot access them when I am away from home or from my computer, but I could well trade this for security. I would like to have web apps access them, read and write them, manage them, etc. Unfortunately, with the current technology, and standards such as the one you are developing, web apps cannot access them. Of course, I could install and run a web server on my computer, and have web apps then access my data, but that would effectively decrease security instead of increase it.

We have all lived for decades using traditional apps, implemented in C++ and Java, accessing the local filesystem (and the whole OS). It is time to shift from these technologies to the new web ones, and implement apps using HTML and JavaScript -- provided that we can do the same things at least.

Security is an issue, but it applies to apps implemented with traditional technologies. When I download Firefox, or LibreOffice, I trust them not to wipe out my filesystem or disrupt my OS because I trust the people that implemented them and I trust the place from which I downloaded them (i.e. that they are not counterfeited and, e.g., contain viruses). Once I have installed them I have effectively granted them access to my computer. This simple scheme could also apply to web apps.
Note that downloading a (traditional) app such as Firefox, installing it and running it is something that is nowadays done using the web. So, the distinction between apps and web apps tends to be confined to the technology that is used to implement them. From the users' perspective they differ mostly in the way they are installed. Why then should they differ in what they can do?

So, my proposal is to get rid altogether of the notion of sandboxed filesystem, or, alternatively, to consider it as a special case of filesystem, and to provide access to the whole local filesystem.

Thank you

-Angelo Borsotti
Received on Saturday, 15 September 2012 12:01:56 UTC