Sure, but that's true of everything. I've talked to several people who won't install Gears because they view it to be unsafe, using your same logic.
But in fact Gears is very safe to install and use, as safe as cookies. There are ways to give restricted file access that is safe, at least as safe than what we currently have. Particularly in intranet or private internet applications, I'd love a way to have limited access to the filesystem. For example, I have a web-based video application that interacts with the user's camera. I was using Flash, but it has too many limitations. Now I use an ActiveX object, which has all sorts of issues (IE-only, etc.), but at least it works. I use Gears to store data, but sometimes I need to do things like say "What avi files does the user already have in their video directory?" Or "Dump the database to a file to it can be imported by another application". These are both trivial and safe things to do, assuming that Gears prompted the user and said something like "This website wants to read the contents of c:\My Videos. []Accept []Deny", like it does for the regular Gears install. Ditto for writing. Alternatively, I have to install a stand-alone web server (e.g. DWebPro), add other ActiveX object (ugh), or call some other program to do the file access. All of these are terribly messy. But if Gears offered limited file access, I could use the Offline feature to create a completely web-based stand-alone program that did what I'd like it to do. So that's my hope for Gears. Tac On Wed, Jul 15, 2009 at 10:10 AM, Eduard Martini<[email protected]> wrote: > > If there is access, there will be ways to get past limitations and do > nasty things. If there is no such feature, the risk does not exists. > > On Jul 14, 4:37 pm, Michael Tacelosky <[email protected]> wrote: >> I have the exact problem, and think that we'll eventually see a few >> solutions for this, but right now no clear choice emerges. >> >> Adobe Flex is a contender, but I haven't gotten far enough into it to >> know. If you're running in a Windows-only environment, there are some >> interesting things you can do with Internet Explorer, but they seem to >> be better done in an intranet, otherwise there are (rightfully) all >> sorts of security issues to deal with. >> >> Another way is to embed your filesystem needs in an object and having >> your web page interact with that object (via Javascript, like you'd >> interact with a Flash object). I'm still looking for a simple >> solution, my ideal world would allow me to compile a PHP script to an >> object and embed it, but that's not going to happen. >> >> Along those lines, I keep hoping that GTK will revive and I can create >> standalone, cross-platform GUI applications in PHP. But I imagine one >> of the other solutions (Gears with more file access, Flex, etc.) will >> happen before that. I would be very happy if Gears offered a "Allow >> this site to read directory and file names?" as part of the security >> prompt, or even limit it to certain directories. It'd be insane to >> give global access to something like Gears (without explicit >> permission), but I'd love to have some limited filesystem access. >> >> Tac >> >> 2009/7/12 Daniel Vocke <[email protected]>: >> >> >> >> > Hi Gears community, >> >> > I am currently evaluating Gears (more precisely GWT + Gears) for its >> > value as a real platform for application development. I believe that >> > this is the right step in the right direction and see great potential. >> > However, there are shortcomings with regards to the current version. I >> > know we are far from being version 1.0 so I wonder whether this is >> > functionality soon to come or whether the community / the developers >> > think that this will never work for security reasons. Here my >> > scenario: >> >> > I am writing a web application that is making heavy use of a user's >> > local files in a certain directory (and subdirectories). As far as I >> > understood the Gears API, the only way to access local files is to use >> > the Desktop class which offers me that functionality through a user >> > dialog. (Would be happy to learn that I am wrong). This does not meet >> > my needs though as I might want to frequently access diverse files in >> > a certain folder without bugging the user all the time. I believe that >> > full local filesystem access is mandatory for a "platform" that tries >> > to enable desktop-like applications. >> >> > So my question is: Will there be a way to get full access to a folder >> > of the user's choosing? (Assuming the user granted all the rights and >> > was informed about the implications). Is there a way to get that >> > today, or if not, maybe sometime soon? >> >> > Best, >> >> > Daniel Vocke
