I agree that there are potential security risks, but if the Gears developers do it right, there will be no harm.
This feature would require a special authorization (by user interaction) per folder and per application. You could limit it to read access also. So an application would make the user choose a folder, then Gears would warn him that he is exposing ALL data in this folder to this app. Probably Gears would not allow to choose system folders for security reasons. Given those few preconditions(and maybe some more I did not think about), I do not see how Gears is more of a security risk than it is today (you already are able to access the file system through user interaction). I believe that if Gears provides a reasonable and secured abstraction layer to the local system resources then a whole new kind of web- desktop-application will be born. The browser will become the platform, the OS will be secondary. Think about it, combined with Google's ChromeOS and AppEngine strategy, a new application ecosystem might arise. We are only a few steps away. On Jul 14, 1:40 am, Eduard Martini <[email protected]> wrote: > As developer this feature would be great. > But as a user, I will uninstall Gears in the second when it will be > implemented. The security risks are huge. > > On Jul 13, 5:37 am, Daniel Vocke <[email protected]> wrote: > > > Hi Gears community, > > > I am currently evaluating Gears (more precisely GWT + Gears) for its > > value as a real platform for application development. I believe that > > this is the right step in the right direction and see great potential. > > However, there are shortcomings with regards to the current version. I > > know we are far from being version 1.0 so I wonder whether this is > > functionality soon to come or whether the community / the developers > > think that this will never work for security reasons. Here my > > scenario: > > > I am writing a web application that is making heavy use of a user's > > local files in a certain directory (and subdirectories). As far as I > > understood the Gears API, the only way to access local files is to use > > the Desktop class which offers me that functionality through a user > > dialog. (Would be happy to learn that I am wrong). This does not meet > > my needs though as I might want to frequently access diverse files in > > a certain folder without bugging the user all the time. I believe that > > full local filesystem access is mandatory for a "platform" that tries > > to enable desktop-like applications. > > > So my question is: Will there be a way to get full access to a folder > > of the user's choosing? (Assuming the user granted all the rights and > > was informed about the implications). Is there a way to get that > > today, or if not, maybe sometime soon? > > > Best, > > > Daniel Vocke
