On 6/1/12 1:39 PM, Anant Narayanan wrote:
> Clicking a link to a website is a very lightweight operation. The risk
> to the user is minimal; users may or may not like what they see after
> clicking a link, but the chances of any harm occurring are minimal.
> Additionally, no matter what the site that had the link had to say
> about the contents of the page they linked to, the user will always
> end up at the right place so they can see for themselves.
>
> None of this is true when the user clicks an Install button.
>
> Installing an app is more heavyweight. It's the equivalent of the user
> clicking through an ActiveX or Java control prompt. It implies a
> certain level of trust. There might be permissions that go along with
> it. And the user cannot trust an app unless they know what it is.

I don't believe that this is a correct representation of the webapp
security model, nor a good way of thinking about webapps in general. In
the common case, the only special permissions that a webapp gets that a
normal website doesn't get are:

1) the ability to store data. We can allow this because the user has
   easy control over this by uninstalling the application.
2) the ability to suppress security UI such as the location bar. We can
   allow this because we tell the user at install time what domain the
   content is coming from.

So in general there is nothing a webapp can do by default which can't be
undone by the user simply uninstalling the app. This is completely
different from an ActiveX install, where you have to trust that the code
won't do bad things. In general, trying a webapp *should* be as
lightweight as clicking a link.

--BDS