Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

Maciej Stachowiak wrote: I'm not sure if I'd be totally comfortable with putting something as streamlined as the Firefox extensions model. As presented on , it seems fine - the extensions posted there are centrally vetted and reviewed, the user has to take a clear e

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Jul 30, 2009, at 10:18 AM, Michael Davidson wrote: On Tue, Jul 28, 2009 at 10:58 PM, Maciej Stachowiak wrote: Here's some security risks I've thought about, for persistent workers and persistent background pages: Thanks for the list, Maciej. However, Firefox extensions today have a

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Thu, Jul 30, 2009 at 10:18 AM, Michael Davidson wrote: > On Tue, Jul 28, 2009 at 10:58 PM, Maciej Stachowiak wrote: > > > > Here's some security risks I've thought about, for persistent workers and > > persistent background pages: > > > > > > Thanks for the list, Maciej. However, Firefox exte

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Tue, Jul 28, 2009 at 10:58 PM, Maciej Stachowiak wrote: > > Here's some security risks I've thought about, for persistent workers and > persistent background pages: > > Thanks for the list, Maciej. However, Firefox extensions today have all of the same problems. Do you consider the permission

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Thu, Jul 30, 2009 at 11:09 AM, Maciej Stachowiak wrote: > On Jul 29, 2009, at 3:05 PM, Robert O'Callahan wrote: > > What happened to my idea for browsers to have a special window containing >> tabs for "background apps", which save screen real estate by just showing an >> icon and title (and

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

From: "Maciej Stachowiak" Sent: Wednesday, July 29, 2009 6:09 PM Given the risks I cited for the original form of the feature, I think we need to keep in mind that a lot of the security risks are subtle and insidious, and we need to be really cautious with any feature of this type. Regard

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Jul 29, 2009, at 3:05 PM, Robert O'Callahan wrote: What happened to my idea for browsers to have a special window containing tabs for "background apps", which save screen real estate by just showing an icon and title (and a URL or domain?) and no actual tab content? You might modify the

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Thu, Jul 30, 2009 at 10:15 AM, Tab Atkins Jr. wrote: > On Wed, Jul 29, 2009 at 5:05 PM, Robert O'Callahan > wrote: > > What happened to my idea for browsers to have a special window containing > > tabs for "background apps", which save screen real estate by just showing > an > > icon and title

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Wed, Jul 29, 2009 at 5:05 PM, Robert O'Callahan wrote: > What happened to my idea for browsers to have a special window containing > tabs for "background apps", which save screen real estate by just showing an > icon and title (and a URL or domain?) and no actual tab content? You might > modify

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Wed, Jul 29, 2009 at 6:05 PM, Robert O'Callahan wrote: > What happened to my idea for browsers to have a special window containing > tabs for "background apps", which save screen real estate by just showing an > icon and title (and a URL or domain?) and no actual tab content? You might > modify

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Wed, Jul 29, 2009 at 1:39 PM, Drew Wilson wrote: > Agreed that this is a big deal, and is a problem I hadn't considered > previously. I would assume that browser malware detection would blacklist > these sites, but I hate to lean on some magical malware detection > infrastructure too heavily. Th

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

What happened to my idea for browsers to have a special window containing tabs for "background apps", which save screen real estate by just showing an icon and title (and a URL or domain?) and no actual tab content? You might modify the UI so that quitting the normal browser leaves this window open

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

On Wed, Jul 29, 2009 at 1:58 AM, Maciej Stachowiak wrote: > Here's some security risks I've thought about, for persistent workers and > persistent background pages: > > . . . The problems you lay out seem basically insurmountable for anything with a significantly less cumbersome and scary UI than

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

I intended the "resistant to malice and incompetence" definition of safe, not the idempotent definition of safe. Thanks for clarifying. Even in a world of exceptionally sophisticated applications, now and in the future, I think it is worth preserving the safe and stateless properties of the web. Th

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

I'd agree with #1, for some given value of "safe" - we've all heard tales of search engines inadvertently deleting data on people's sites by following links. Note that web storage violates #2 and #3 (and even cookies could be viewed as a violation of #2, depending on how broadly you view "caches").

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

This is a good analysis. I agree that it is important for the web to maintain some important properties that are in conflict with persistent background processing: 1. All links are safe to click 2. When a page is closed, the only artifacts left behind are items in various caches 3. The user agent

Re: [whatwg] Security risks of persistent background content (Re: Installed Apps)

Maciej, thanks for sending this out. These are great points - I have a few responses below. The main thrust of your argument seems to be that allowing web applications to run persistently opens us up to some of the same vulnerabilities that native (desktop and mobile) apps have, and I agree with th