
Developers Shouldn't Have Access to The Operating System - bretthardin
http://bretthard.in/2012/12/dont-give-developers-access-to-the-operating-system/#.UMpYQHPjn3w
======
mindcrime
Users can download and install native apps, written in C/C++ (or even
assembler) which can access the OS with impunity. Given that, I'm not seeing
how exposing more OS level functionality up through the browser is such a big
deal.

And some low level functionality _is_ crucial (or at least damn important) for
certain types of apps. What sounds like a "bad idea" to me, is to
indiscriminately rule out entire classes of applications because something bad
might happen.

~~~
bretthardin
I should be more clear. The scary thing is having malicious sites exploit the
functionality. URI overflow attacks and Gifar attacks can be exploited at the
website level. Exposing this functionality to the developers is unnecessary.
If a developer wants to run as a native application, then they should. Not run
as a chrome plugin pretending to be a native application.

------
marshray
The important thing is the ability of the _user_ to differentiate between the
local system and sandboxed internet content. Dancing pigs notwithstanding, a
big part of desktop security still relies on the assumption that the
legitimate user will refuse to authorize malicious content when they have all
the information they need to recognize it.

So blurring the lines between browser sandboxed content and desktop
applications _will_ decrease security. Anyone remember the MSIE desktop
integration debate?

------
pygorex
Couldn't disagree more. Any sufficiently advanced platform will give
developers the ability to do potentially dangerous things.

How will Google manage this risk? The same way Apple does with the app store.
Google will act as gatekeeper for downloading and installing packaged apps via
the Chrome Web Store.

Is this perfect? No. Will some bad apps get through? Yes. But the security
tradeoff is worth it to get apps that are more powerful and more useful.

