unsubscribe
Am 16.07.2009 um 10:27 schrieb Eduard Martini:
It's not a good idea to include features for intranet projects in an
application that is used 90% on large web projects.
For intranet are so many solutions, can even write own browser plugin,
or own browser like app.
Right now, users will install Gears because is from Google and because
have no feature that can harm them (at least not badly).
Right now, I can tell any user: "install gears, it is safe". Let's
keep it that way. "You can install Gears, but must pay attention on
what you are doing" is not sounds very safe.
And you talk about ActiveX, that is one of the biggest intrusion door
ever made. Now, ActiveX is good only for intranet application, any
sane user will deny ActiveX content on a public site. Let's not push
Gears to that way.
My opinion is that bringing this to gears, will be a step back in
popularity and usage on www environment and will push usage on
intranet environments. Is this the way to go?
On Jul 15, 6:04 pm, Michael Tacelosky <[email protected]> wrote:
After posting this, I did a bit more research and found that I can
use
the ActiveX object FileSystemObject to do simple reading and writing.
It's IE-specific, but it does more or less what I want (read and
write
files), I'm posting it here for others with the same issue, who want
to utilize Gears offline capability but need basic system level file
access.
For example, to get a listing of a folder's contents in JScript:
function ShowFolderList(folderspec)
{
var fso, f, fc, s;
fso = new ActiveXObject("Scripting.FileSystemObject");
f = fso.GetFolder(folderspec);
fc = new Enumerator(f.SubFolders);
s = "";
for (; !fc.atEnd(); fc.moveNext())
{
s += fc.item();
s += "<br>";
}
return(s);
}
http://msdn.microsoft.com/en-us/library/f1xtf7ta(VS.85).aspx
So in theory, one could write a custom stand-alone desktop search app
using Gears and FileSystemObject.
Tac
On Wed, Jul 15, 2009 at 10:29 AM, Michael
Tacelosky<[email protected]> wrote:
Sure, but that's true of everything. I've talked to several people
who won't install Gears because they view it to be unsafe, using
your
same logic.
But in fact Gears is very safe to install and use, as safe as
cookies.
There are ways to give restricted file access that is safe, at least
as safe than what we currently have. Particularly in intranet or
private internet applications, I'd love a way to have limited access
to the filesystem.
For example, I have a web-based video application that interacts
with
the user's camera. I was using Flash, but it has too many
limitations. Now I use an ActiveX object, which has all sorts of
issues (IE-only, etc.), but at least it works. I use Gears to store
data, but sometimes I need to do things like say "What avi files
does
the user already have in their video directory?" Or "Dump the
database to a file to it can be imported by another application".
These are both trivial and safe things to do, assuming that Gears
prompted the user and said something like "This website wants to
read
the contents of c:\My Videos. []Accept []Deny", like it does for
the
regular Gears install. Ditto for writing.
Alternatively, I have to install a stand-alone web server (e.g.
DWebPro), add other ActiveX object (ugh), or call some other program
to do the file access. All of these are terribly messy. But if
Gears
offered limited file access, I could use the Offline feature to
create
a completely web-based stand-alone program that did what I'd like it
to do. So that's my hope for Gears.
Tac
On Wed, Jul 15, 2009 at 10:10 AM, Eduard
Martini<[email protected]> wrote:
If there is access, there will be ways to get past limitations
and do
nasty things. If there is no such feature, the risk does not
exists.
On Jul 14, 4:37 pm, Michael Tacelosky <[email protected]> wrote:
I have the exact problem, and think that we'll eventually see a
few
solutions for this, but right now no clear choice emerges.
Adobe Flex is a contender, but I haven't gotten far enough into
it to
know. If you're running in a Windows-only environment, there
are some
interesting things you can do with Internet Explorer, but they
seem to
be better done in an intranet, otherwise there are (rightfully)
all
sorts of security issues to deal with.
Another way is to embed your filesystem needs in an object and
having
your web page interact with that object (via Javascript, like
you'd
interact with a Flash object). I'm still looking for a simple
solution, my ideal world would allow me to compile a PHP script
to an
object and embed it, but that's not going to happen.
Along those lines, I keep hoping that GTK will revive and I can
create
standalone, cross-platform GUI applications in PHP. But I
imagine one
of the other solutions (Gears with more file access, Flex, etc.)
will
happen before that. I would be very happy if Gears offered a
"Allow
this site to read directory and file names?" as part of the
security
prompt, or even limit it to certain directories. It'd be insane
to
give global access to something like Gears (without explicit
permission), but I'd love to have some limited filesystem access.
Tac
2009/7/12 Daniel Vocke <[email protected]>:
Hi Gears community,
I am currently evaluating Gears (more precisely GWT + Gears)
for its
value as a real platform for application development. I believe
that
this is the right step in the right direction and see great
potential.
However, there are shortcomings with regards to the current
version. I
know we are far from being version 1.0 so I wonder whether this
is
functionality soon to come or whether the community / the
developers
think that this will never work for security reasons. Here my
scenario:
I am writing a web application that is making heavy use of a
user's
local files in a certain directory (and subdirectories). As far
as I
understood the Gears API, the only way to access local files is
to use
the Desktop class which offers me that functionality through a
user
dialog. (Would be happy to learn that I am wrong). This does
not meet
my needs though as I might want to frequently access diverse
files in
a certain folder without bugging the user all the time. I
believe that
full local filesystem access is mandatory for a "platform" that
tries
to enable desktop-like applications.
So my question is: Will there be a way to get full access to a
folder
of the user's choosing? (Assuming the user granted all the
rights and
was informed about the implications). Is there a way to get that
today, or if not, maybe sometime soon?
Best,
Daniel Vocke
