This has nothing to do with Google. It's all about programmer job to not add security holes to his application.
Example: Site written in PHP with MySQL database. Vulnerable to sql injection attacks. Is this fault of php or mysql? Site written in JAVA si Oracle db. Vulnerable to session fixation. Is this fault of Oracle and Java? Windows desktop application that will format disc when started. Is this Microsoft fault for letting to programmer option to format disk from and application? Got the idea? There is no "potentialsecurityhazards that Gears could introduce to users". The only "security hazards" on the web are the bad coders that are not capable to write an good, solid, secure application for their users and try to find someone to blame for theirs mistakes. On May 21, 10:33 pm, Elvey <[email protected]> wrote: > On Apr 16, 8:26 am, meanderingthemaze <[email protected]> wrote:> While I am > not attacking Google on this one, I do think they could be > > doing more to inform people about Gears as they become more > > widespread. [....] Like I said, since users are told it is Google > > software, many people will assume it is safe because it is Google's > > software. (You cannot assume that they understand what is really going > > on behind the scenes. There are still people who don't know the > > difference between Email and Web Browsers, for example.) I hope that > > people will have more caution, but it still feels a little > > irresponsible. > > I concur. > > > But I digress. I am really interested in hearing more from Google > > about the potentialsecurityhazards that Gears could introduce to > > users and how to protect them from those hazards. FROM GOOGLE. > > I concur. > > > On Apr 16, 2:42 am, Eduard Martini <[email protected]> wrote: > > > > This is not a "securityrisk". You are asked if you allow gears for > > > that site. Nothing is hidden. It is like I make a site with a link > > > asking: "Do you want to download and run my_virus.exe?" If you say > > > yes, you got my virus. There are many "securityrisks" if the user > > > just accepts all the warnings that he got, Gears brings nothing new. > > Nonsense. I install Gears, I of course am trusting it's developers > (and trusting Google to administer the project properly). > When I go to, sayhttp://www.databreaches.net/wp-admin/tools.phpand > see "Turbo", click and see this, I haven't the SLIGHTEST idea to what > extent I am trusting wordpress, or the administrators of > databreaches.net: > > Turbo: Speed up WordPress > WordPress now has support for Gears, which adds new features to your > web browser. > After you install and enable Gears, most of WordPress’ images, > scripts, and CSS files will be stored locally on your computer. This > speeds up page load time. > Don’t install on a public or shared computer. > Install Now > > I go to the Gears website, and look around for info that might give me > some clue about the extent I would be trusting wordpress, or the > administrators of databreaches.net by clicking 'Install Now'. > Result: FAIL. IIRC, I looked into what extent I was trusting sites > to store info locally by the flash plug-in, and I found the info I > needed to feel I understood the security, and feel safe enabling it in > some cases and able to control it on a site-by-site basis. > > Whether google does/does not intend to review all submitted code > should be answered too.
