Yeah, the lack of the security UX is one issue. The other is that we
are aware of issues in the API (see
<https://etherpad.mozilla.org/datastore> for the notes from the last
meeting that we had on this) but so far nobody has had the time to work
on those issues.
I haven't followed the recent plans for how we're doing (or not doing!)
apps in the future on Firefox OS, but the latest I read on that was a
proposal from Jonas that mentioned merging some apps into the same one.
Doing things like that may eliminate some of the use cases for data
store (since in some cases we may be able to just keep the data in a
local indexed DB, without needing to use a data store since we won't
need to share the data with another app.) It's not clear to me what the
current status of the upcoming changes and proposals is, but it's
probably wise to wait until the plans stabilize a bit before thinking
about exposing data store to privileged apps...
In the meantime, the workaround that Fabrice mentioned may be all that
you need for the task at hand.
On 2015-05-19 7:39 PM, Paul Theriault wrote:
I don’t have any objections, but we do need to come up with a sane
permission mode & UX.
See bug https://bugzilla.mozilla.org/show_bug.cgi?id=942641
On 20 May 2015, at 2:26 am, Christopher Lord <[email protected]> wrote:
Hi all,
I've recently been prototyping a new homescreen, and I wanted to make
it a privileged app if possible. As the homescreen is the primary
interface to access bookmarks since 2.1, it is basically impossible to
write an adequate homescreen unless you're a certified app.
My only problem is that we have this weird mix of datastore and APIs and
it's currently hard to resolve a sane security UX story out of this. Some
data is stored with specific APIs (deviceStorage, contacts) and others
are stored in DeviceStorage. I don’t really have a preference opinion
one way or the other but I want to give our users better control over
their data (which in turn makes it safe for us to expose these things
to developers).
At the moment, it's certified because the security of the system depends
entirely on the behaviour of the apps using datastore.
Long-term, we want to move away from data-stores, but I suggest that
short-term, read-only access should be allowed for privileged apps.
This would allow third party homescreens to work well (there are
already web-activities for saving/editing and removing bookmarks) and
I don't think it would encourage the use of the API (as you can't
write or create your own data-stores).
Does anyone have any thoughts or objections on this? If we're allowing
third party homescreens, this seems like a blocker to me.
Cheers,
--Chris