Sandboxing the browser tabs themselves is a big improvement over
Firefox/IE, but I feel that it isn't enough.  Any files downloaded
should remain jailed in a sandbox specific to the domain of their
origin, until and unless the user explicitly moves any of them out of
the sandbox.  I'm envisioning this being similar to one of the
third-party sandbox programs like Sandboxie, but instead of everything
going into one (or one of a few) explicitly-defined sandbox(es), a
separate sandbox should be created automatically for each domain as
needed.

Of course we need a way to open such documents within the sandbox,
meaning that the application that opens it should be a separate
instance that is tainted to be able to write only within the sandbox.
I think some of the sandbox utilities do this, and Vista does
something similar by effectively separating domains by their
"integrity level," but it does not separate them by domain, so there's
nothing to stop malware from one site from modifying the data that you
send to another site of the same integrity level.

I know this is getting more towards the operating system level, but
what do you think?

david rosen
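To make the proposal above concrete, here is a small Python model of a per-origin download jail with a "tainted" opener instance. It is an added illustration, not code from the post or from Chromium; the class names, the origin-to-directory naming scheme and the realpath/commonpath containment check are assumptions of this example, and the jail is enforced only by the API, not by the OS.

```python
import os
import shutil
from urllib.parse import urlsplit

def origin_of(url):
    # Origin = scheme + host + port, so a.example and b.example never share a jail.
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError("only http(s) downloads get a sandbox: %r" % url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return "%s_%s_%d" % (p.scheme, p.hostname.lower(), port)

class DownloadSandboxes:
    """One sandbox directory per origin under a common root (hypothetical design)."""

    def __init__(self, root):
        self.root = os.path.realpath(root)

    def sandbox_for(self, url):
        path = os.path.join(self.root, origin_of(url))
        os.makedirs(path, exist_ok=True)
        return path

    def write(self, sandbox, relative, data):
        # Canonicalise, then refuse any target outside the caller's own sandbox.
        target = os.path.realpath(os.path.join(sandbox, relative))
        if os.path.commonpath([sandbox, target]) != sandbox:
            raise PermissionError("write outside sandbox denied: %s" % relative)
        with open(target, "wb") as fh:
            fh.write(data)
        return target

    def store_download(self, url, filename, data):
        return self.write(self.sandbox_for(url), filename, data)

    def release(self, url, filename, destination):
        # The only way out of the jail: an explicit user action moving the file.
        src = os.path.join(self.sandbox_for(url), filename)
        return shutil.move(src, destination)

class TaintedOpener:
    """An application instance launched for one origin; it can write only there."""

    def __init__(self, sandboxes, url):
        self.sandboxes = sandboxes
        self.sandbox = sandboxes.sandbox_for(url)

    def write(self, relative, data):
        return self.sandboxes.write(self.sandbox, relative, data)
```

An opener tainted to a.example that tries to write into b.example's directory (for instance via a `..` path) is refused, which is exactly the cross-domain modification the post worries about.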

