A FANTASTIC way of providing sandboxing for common filetypes and to promote what GOOGLE CHROME is all about would be to offer the option to open all files in WEB APPS. Provide an set of drop down configs in the configuration menu that alllow for 2 sets of associations with the files - the standard associations which go to WINDOWS, and then the sandboxed associations which open the DLed files in WEB APPS of your choice.
The web apps remain in the sandbox and have not only much greater isolation from the system, but also showcase the seamless desktop/web interface speed which V8 and chrome provide. The Google Toolbar in FF/IE offers the option of opening word/excel/etc. files in Google Documents - similar apps should be able to handle ZIP files and just about anything else! Of course there would have to be some good interfaces to the web apps to "shadow copy" the downloaded files and have the remote server download them as well... Is there an area in the Chrome WIKI that we can do some documentation and planning on something like this? On Sat, Sep 27, 2008 at 9:26 PM, david [b] rosen <[EMAIL PROTECTED]> wrote: > > Point taken. What about providing a way for a third party sandbox to > allow itself to be invoked by chrome with specified domain and in turn > it would run the tab process? Chrome wouldn't get involved in system- > level stuff but that way it would be possible to get that level of > sandboxing by using chrome in combination with such a product. I > realize this isn't very concrete (yet) but I'm just wondering what you > think... > > -david > > On Sep 26, 10:23 pm, "Carlos Pizano" <[EMAIL PROTECTED]> wrote: > > Sandboxie requires one or more drivers, we don't want to get into that > > kind of intrusive OS modification. However, I welcome any concrete > > idea that does not involve drivers or system level services. > > > > -cpu > > > > On Tue, Sep 23, 2008 at 9:05 PM,david [b] rosen<[EMAIL PROTECTED]> > wrote: > > > > > > > > > Sandboxing the browser tabs themselves is a big improvement over > > > firefox/ie, but I feel that it isn't enough. Any files downloaded > > > should remain jailed in a sandbox specific to the domain of its > > > origin, until and unless the user explicitly moves any of them out of > > > the sandbox. I'm envisioning this being similar to one of the third- > > > party sandbox programs like Sandboxie, but instead of everything going > > > into one (or one of a few) explicitly-defined sandbox(es), a separate > > > sandbox should be created automatically for each domain as needed. > > > > > Of course we need a way to open such documents within the sandbox, > > > meaning that the application that opens it should be a separate > > > instance that is tainted to be able to write only within the sandbox. > > > I think some of the sandbox utilities do this, and Vista does > > > something similar by effectively separating domains by their > > > "integrity level," but it does not separate them by domain, so there's > > > nothing to stop malware from one site from modifying the data that you > > > send to another site of the same integrity level. > > > > > I know this is getting more towards the operating system level, but > > > what do you think? > > > > > david rosen > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
