Brian "Krow" Aker (krow) wrote,

Google Gears, Gmail, Security Concerns

Google Gears release is just plain nifty.

Jump just a little bit forward in time to Google making both GMail and Google Calendar available. Suddenly you have offline usage for two of their main products (and frankly this is what might make me finally consider using their Calendar application, which would be great for my friends since they could then finally know when I am in town or not).

For the database world there are very practical applications in synchronizing data sets to local storage so that users can either do data entry locally for later storage, or business intelligence.

We have been limited by max cookie size for a bit too long; this really changes that.

One of my fears? Rasmus.

Nice Greenlander who can drink beer faster than you can, honest, I've seen him prove it.

He also has this tool that he wrote at Yahoo which can tear a website apart and look for cross-site scripting problems. I've now seen him give two talks, one at the PHP Vancouver Conference, and another at the MySQL User's Conference. In both of these he showed that many of the websites out there today are vulnerable to this. I believe he estimates it at nearly 80% of the sites out there.

Mix locally stored data, which might be sensitive, with cross-site scripting and I am left with some concerns. The guys at Google are smart, so I know they have thought of this. But I am left to wonder about the sites that will put this in place as part of their application framework, and not think through all of the security issues.

On the reverse side I can see other possibilities once you extend the Google work. Why not make a local store which can share data? How about a local cache?

You find a great clip/video on a site and download it. Why not share that with others immediately in the same network? Change the SQLite component out for something which is shared nothing, or P2P like.

Downloads could be made faster, or groups could work on data in a local environment in a collaborative way.

Or a virus, we could share those too.... but that is not nearly as cool to think about :)