Previous Page | Next Page
- by Captain Ron at 8:45 PM EDT on August 12, 2011
- I'd be interested if I had more time on my hands, but just as a note on executing native Intel code from a browser... Like you said, NaCl modules do run at the same security level as JavaScript currently; that's exactly the reason why it's unsafe.
Technically, JavaScript & any client-sided script/application is considered "dangerous" if it can directly access a client's file system. JavaScript can be dangerous because it does allow for client file system access (i.e.: even though it may not let you manipulate files on a client's computer, JavaScript can be used to drop trojans & spyware onto a client's computer). Signed Java applets can be even more dangerous, as having a signature grants Java applets the ability to directly manipulate (i.e.: delete, move, copy, upload, download, etc.) files on the client's side. NaCl, honestly, will ultimately be the most unsafe of them all, unless it's developed such that it will prevent programmers from executing file system operations on a client's system.
This said, NaCl's still in development & it does seem very promising (& ultimately, there's no such thing as true, 100% security on architecture that's as open as computer & internet systems).
edited 8:47 PM EDT August 12, 2011
- by fernandoc1 at 7:10 AM EDT on August 20, 2011
- Only to be more precise: you are not allowed to access the client's filesystem directly through JavaScript nor Native Client.
You need to ask the user to get the file for you, before you are able to access it from your client application.
It is in the HTML5 File API specification.
Native Client is build to be secure and it run in a sandbox.
For those who have any doubt about what I'm saying, here is a discussion where I ask about how to read a file from the user filesystem:
https://groups.google.com/group/native-client-discuss/browse_thread/thread/e0133272da037337
- by fernandoc1 at 9:56 AM EDT on August 22, 2011
- I think that will be interesting to read about what OGRE Engine developers have to say about Native Client:
http://www.ogre3d.org/forums/viewtopic.php?f=4&t=66394
https://groups.google.com/group/native-client-discuss/browse_thread/thread/d0bc0f15caf10a6
- by hcs at 10:26 AM EDT on August 22, 2011
- To give you an idea of where I stand on this, I run NoScript in full whitelist-only mode. And I still feel uncomfortable about temporarily allowing a page.
- by arbingordon at 6:50 PM EDT on August 22, 2011
- If you're interested in doing it, why don't you just do it?
- by fernandoc1 at 7:17 PM EDT on August 22, 2011
- The only thing that I have to say is that if you find anything that represents a threat for users of NaCl, you can report it to Google and they will properly reward you for your findings.
I've seen people winning up to $3000 in their security program.
Here you can find more about this:
https://sites.google.com/a/chromium.org/dev/Home/chromium-security
- by fernandoc1 at 7:31 PM EDT on August 22, 2011
- > If you're interested in doing it, why don't you just do it?
That is what I'm gonna do. I need only a little of free time to do this.
What I was trying to do here is only to ask if someone is interested.
But as I can see, there is no one with interest.
Think of this as a proposal to open a new path for this project. I thought that it would be interesting, since it should be easy for people to access VGMStream without needing to install any software in their PCs, other than Google Chrome, through the Web Store. For those that even after everything that I posted here still don't understand what I'm saying, I can only say that time will show you the real thing happening and the next level of computing should arrive soon.
Native Client will not be an exclusivity of Google Chrome, since it is open source. As soon as people find out it's usefulness it is going to be ported to other browsers.
- by arbingordon at 9:11 PM EDT on August 22, 2011
- It's kind of sad to see someone claim their not being understood correctly when someone disagrees with them, but it's not really unexpected in the world of shiny web 2.0 crap.
- by fernandoc1 at 5:52 AM EDT on August 23, 2011
- It is not a matter of people disagreeing with me. You are saying that this is not secure, and I challenge you to point me the flaws of it. That is why I'm thinking that you are not disagreeing but not understanding.
But anyway, I'm not gonna insist on it. So, if you are happy with your Windows, I'm not going to tell you to try another thing.
- by Captain Ron at 8:06 PM EDT on August 26, 2011
- Honestly, even if there is a security flaw in the technology, there's no way of securing it without working on it. I honestly don't have much time for it, but I can try to help out in some way. Here's my tip of the day: if you want to find a good, free, basic web host without ads, you might as well use Dropbox or Wuala.
You can basically host your own HTML-only site alongside the regular file hosting service. Wuala is free for 1 GB of space & Dropbox is free for 2 GB; all you do is install their client program, create your site & copy it with your project files into your Public folder.
http://dl.dropbox.com/u/30766833/test/index.html
From there, you can link a free .co.cc domain to your HTML file's public URL & you'll be all set; it makes life easier for people who want to start off with their projects.
Previous Page | Next Page
Go to Page 0 1 2
Search this thread
Show all threads
Reply to this thread:
HCS Forum Index
Halley's Comet Software
forum source