Is BrowserPlus a secure sandbox for the user?

Hello,
Not sure if this has been asked/documented before, but I was wondering whether, as a user, I can fully trust *any* BrowserPlus app. Does the framework implicitly restrict the app to something like a secure sandbox, or is it up to the developer to convince the user?

3 Replies
  • Good question.

    The framework does not restrict the developer, though we follow some principles... For example, none of the services form a file path on their own. Instead file paths come from user actions -- user selects path explicitly via drag+drop or file selection dialog. Also, Yahoo owns the distribution network for services, so all services are audited before they are placed on a public server.

    Regards,

    Steve Spencer
  • QUOTE (steven_spencer @ Oct 19 2010, 05:44 PM)
    Good question.

    The framework does not restrict the developer, though we follow some principles... For example, none of the services form a file path on their own. Instead file paths come from user actions -- user selects path explicitly via drag+drop or file selection dialog. Also, Yahoo owns the distribution network for services, so all services are audited before they are placed on a public server.

    Regards,

    Steve Spencer


    Thanks for the reply, Steve. My question though is kind of inspired by looking at the docs of Google Native Client. I'm not sure if it's a fair comparison, but from what I understand, either one can be used to write services/plugins that run native code from within the browser (in the case of BrowserPlus, you can write services in C++/C). They seem to emphasize the sandboxing aspect of the tool, which is what got me wondering. Even the papers they published about Native Client all seem to be in a context of security (http://code.google.com/p/nativeclient/wiki/Papers).
    Please correct me if I'm wrong.
  • QUOTE (Rohit Nair @ Nov 8 2010, 08:32 PM)
    Thanks for the reply, Steve. My question though is kind of inspired by looking at the docs of Google Native Client. I'm not sure if it's a fair comparison, but from what I understand, either one can be used to write services/plugins that run native code from within the browser (in the case of BrowserPlus, you can write services in C++/C). They seem to emphasize the sandboxing aspect of the tool, which is what got me wondering. Even the papers they published about Native Client all seem to be in a context of security (http://code.google.com/p/nativeclient/wiki/Papers).
    Please correct me if I'm wrong.



    The focus of the two projects is different. BrowserPlus is more focused on desktop integration, giving developers more freedom in developing services, but ultimately curating the library of available services (in lieu of the sandbox). Developing services is easier with BrowserPlus (especially when you code in Ruby), distributed on the fly, asking the user for permissions on the way.

    One big part of desktop integration is local file access ... a BrowserPlus service could be developed to read a user's iTunes playlist, for example, to allow for music recommendation. Google Native Client, as far as I can tell, does not allow for local file access. While arbitrary file access is dangerous, allowing focused services a little leeway can make for some powerful services.

    So BrowserPlus keeps things secure by curation, code review, user interaction. And if any part of that fails, there's a kill switch (black list) that can disable specific services or the platform itself in the field.

    Steve
This forum is locked.
