On Wed, 2004-10-13 at 06:12, Andrew Ho wrote:
> On Tue, 12 Oct 2004, Karsten Hilbert wrote:
> ...
> > > In the meantime, I wonder what are the critical differences that
> > > impede your efficiency?
> > A browser cannot access card readers unless quite
> > sophisticated add-on code is installed locally.
>
> Karsten,
> What about USB-accessible cards? Most operating systems have built-in
> support to read from these.

Yes, but Karsten's excellent point is that in order to use such resources, you need to give the browser-based application (as opposed to the browser itself) a degree of autonomous access to your local filesystem. Such a degree of access might be acceptable for certain, trusted Web applications, but certainly isn't acceptable for any and every Web site or application which you might load into your browser.

AFAIK, browsers do not provide the ability to allow certain privileges (such as access to the local filesystem or a special peripheral like a smartcard) for only some Web sites (which would need to be positively authenticated with a PKI certificate, to guard against spoofing), while disallowing access to the same resources to other Web sites or browser applications.

In other words, Web browsers are promiscuous. That's OK, as long as they are configured to always engage in safe sex. Currently, it is not possible to configure a browser to discard the condom only with certain Web sites or Web applications. Or perhaps you know a way of making the commonly deployed browsers do that, securely?

> Desktop applications can just as easily (if not even more easily)
> compromise system security.

Yes, true. But there is a far more deliberate step needed to install a desktop application, whereas with a browser, you just type in a URL, click on a link, or worse, some JavaScript silently sends your browser to some malware site. That's why any application or code running in a Web browser needs to have very limited access to your local system.

Note that I am not against Web-based applications, even for collecting data, as well as just displaying it. They have their place. But I agree with Karsten regarding their necessary limitations.

--
Tim C

PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere
or at http://members.optushome.com.au/tchur/pubkey.asc
Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
