Tino! what u say can i give some data locally to the gears so that this data is forwarded somewhere or print on the html page after reading by the Gears?
On 3/21/10, Tino <[email protected]> wrote: > On 20 Mrz., 07:38, Kevin Layman <[email protected]> wrote: >> 2> is it possible like data stored locally by one site is accessible from >> other site (security) >> >> Someone else more knowledgable than me needs to chime in here, but I would >> say theoretically yes. > > The answer to this is easy: > > There is no difference between Gears and an ordinary Websites. Gears > only acts (mainly, except for some things like the Geolocation-API) > like a website proxy cache. So like a website is able to access > another website, there is a way that one Gears accesses another one > (for example by using IFRAME). Or another website. Or a website > Gears. (Or General Failure reading your harddrive. YKWIM) > > Having said that, this answer already is wrong. Gears offers a new > way for site interaction: Cross domain workers. With a cross domain > worker, Gears is able to access data on another website and thus data > can be published this way to the other website, too. But the cross > domain workers must be started by the code which activates Gears in > your browser AND the other domain must allow the cross domain workers > as well, so there must be a certain high level of prior defined > cooperation between the JavaScript code on both domains to > successfully work together. > > So if you ask: "Is there a way to be able to let two websites > intercommunicate on a reliable and pre-defined way with Gears and > without using things like Greasemonkey or other bad workarounds", then > the answer is "yes". Gears adds some quite more easy way to interact > between websites than there already is (for example, without Gears you > still can construct IMG Urls to play Global Thermonuclear Warfare with > data between different sites on the Internet, if both know how to play > Wargames. However as we know, the best turn is to not to start this > game *eg*). For security this means: Yes, your data can leak to > other websites, if the programmer who wrote the JavaScript intended to > let such data leak. Gears offers no protection against evil program > code from a domain to leak the data from that domain to another domain > (it cannot access data of a third domain, though, which is not > cooperative). > > If you ask "is my locally stored data secure against other evil > websites who try to steal data", the answer is, that Gears has no > known holes to leak such information, or to say it so: There is no > higher risk with Gears than there is without it. However as always, > Gears might have bugs and Gears is unable to secure data on insecure > computers, and there are steadily pouring in bugs for all browsers > which might leak data, AND with risen complexity of code the > probability of Cross-Site-Attacks becomes higher as well. For > example, if a backup of your harddrive makes it to a website, all > Gears data can be read from this backup of course. > > So Gears introduces no additional magic to protect your data. But it > also does not introduce new threats except the obvious ones which > always comes with more code. > > >> 3> is it possible like user himself can modify cached data (security) >> >> If by cached you mean stored in the localstore db or your app db, >> absolutely, anyone with access to the local machine can access the db. > > I already read and modify the local Gears database with CygWin. > > As Gears becomes deadly slow if it has to cache more than 3000 URLs or > so, I have a fixer script which access the Gears SQLite database and > repair it such, that I think I will be able to store more than 1 > Million URLs in a single LocalFileStore. (However I am still far from > my goal of more than 1 Billion URLs, Gears cannot help with this, > sadly, because it seams that Gears sometimes accesses SQLite not using > Indexes and therefore it take ages until the tablescan completes on a > 50 GiB SQLite Database. A 700 MiB Database however it is not this bad, > as the DB then fits into memory cache.) > > $ sqlite3 localserver.db 'select max(EntryID) from Entries' > 377697 > $ ls -al localserver.db > -rwx------+ 1 tino None 296039424 2010-03-21 16:17 localserver.db > > HTH > -Tino > > To unsubscribe from this group, send email to > gears-users+unsubscribegooglegroups.com or reply to this email with the > words "REMOVE ME" as the subject. > To unsubscribe from this group, send email to gears-users+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
