Comments on: WebApp as Desktop App Security Model?

By: AnyHosting » Blog Archive » Thin client or fat client - Why choose?

AnyHosting » Blog Archive » Thin client or fat client - Why choose? — Fri, 13 Jul 2007 08:15:41 +0000

[...] be able to take my web applications out of the browser and manage them locally, and I’m not alone. Making apps more desktop-like seems to be the right way to get [...]

By: Alex Faaborg

Alex Faaborg — Mon, 09 Apr 2007 23:18:43 +0000

Or better yet: Simply launches the real browser rather than handling untrusted URL’s.

In addition to being better from a security perspective, I think this is also a better user interface. If you click on a link to upcoming.org in Google Calendar (which is running as an application), you don’t want your app to turn into a Web browser, you want the link to open as a new tab in Firefox. I think the behavior should be the same as if the user clicked a link in iCal.

There are also certain apps (RSS readers in particular) for which it really does make for a nice user experience to be able to open links in tabs in the same window.

If the app is often used to open new tabs to other sites, then I would imagine users will probably want to keep the app in Firefox to begin with.

By: Robert

Robert — Fri, 06 Apr 2007 23:55:00 +0000

Dan Mosedale: I would even consider a “permissions.xml” file which could contain a list of allowed hostnames for the instance. So you can have multiple hosts, but only if approved.

By: Dan Mosedale

Dan Mosedale — Fri, 06 Apr 2007 18:16:51 +0000

* SSL/anti-phishing UI
* back/forward for webapps that are partly AJAX and partly page-based (eg backpackit / basecamp).
* pageload status

The idea of restricting based on hostname is an interesting idea. Would that extend to disallowing (e.g.) interstitial ads by DoubleClick, or were you just thinking of restricting top-level windows?

There are also certain apps (RSS readers in particular) for which it really does make for a nice user experience to be able to open links in tabs in the same window.

In some ways, I suspect the trick is going to be figuring out the best subset of the standalone web app issue that can be solved with the appropriate balance of usability and security.

By: Dan Mosedale

Dan Mosedale — Fri, 06 Apr 2007 18:11:00 +0000

While RealWebApp currently uses a completely chromeless window, I tend to think that some more minimal chrome is likely to be useful for various reasons:

By: Robert

Robert — Fri, 06 Apr 2007 03:03:00 +0000

Mark: Discussion is critical. Too much separation, and the concept is really just a themed browser. Too little, and security is at risk. Finding that balance will take some work.

By: Mark Finkle

Mark Finkle — Fri, 06 Apr 2007 02:42:19 +0000

Robert – You raise some good questions. In WebRunner, Benjamin has some code to open external links in the default web browser. Mainly, for convenience, but it also helps security. It may not be foolproof, but works fairly well.

I do believe, as does dmose, that something more needs to be done to provide a level of trust to the user. Even if we don’t know the answers yet, at least we’re talking about it.