On 11/25/11 10:58 PM, Daniel Ingalls wrote:
> Hello Ram - [...] It is a focus of this year's Bachelor project at HPI to push forward in both portability of Lively apps in the mobile sphere and, we also hope, access to hardware features on a par with native apps.

The same security issue applies to LK's access to the underlying hardware as applies to the Squeak browser plug-in: with great power comes great responsibility. The more access to the client's OS that a web-app has, the more potential there is for malware.
Microsoft raised an important point about WebGL earlier this year: a web-app could bypass normal browser security and wreak havoc on a user's system simply by making the proper OpenGL calls to the video card and no existing security software can check to see if this is being done. The only symptom is the melting card. Same thing applies to any extra access given to LK above and beyond the existing browser sandboxes.
lawson
