This is the same security model for Java, if it wants to save a file in your sandbox, or save an application preference. The former prompts the user for permission... I don't remember specifically if saving application prefs requires user approval.

This is not to say this was a necessarily good, or easy to understand policy when it was introduced in Java. However, I'm sure Google's developers (correctly) figure as long as they do no worse they're meeting the status quo expectation.

Web applications will be storing data on user's machines, whether in a sandbox, gears, or some magic lockbox of the future. The faster the developers can all agree on the same method the better, so we can focus effort (and education) on this single point.

I quite like that dialogue - it's short and clear. Most people will base their trust on the brand - in this case Google - and not ask any more questions.

I am assuming the faq is slightly dated, but it does say

"Google Gears is currently an early-access developers' release. It is not yet intended for use by real users in production applications at this time."

I read developers page and they just allowed users to do off-line access to Google docs. I know they abuse the beta designation outrageously, but this does appear to be very early going for this stuff. If people like you point out the mistakes it's possible they will change it before it's out of beta (in twenty years or so). No never in hell would I trust it, but then I am like that never trust anyone or any software.

Regarding the issue of security of the written data:

Why not just use one file per domain to store all data - ie. a database. Also, the content could be encrypted with a random key created during install. Even if you did try to write an executable to the database it would be impossible to run as it would be encrypted.

[The bit about "as enforced by the operating system" should be highlighted. If your users have local admin rights, as on some Windows boxes, they will be able to access files belonging to other users.]

erm like any file you might store locally on your PC..

I'd say the dialog is unnecessary in the first place. The HTML 5 spec (and Safari) contain a similar sqlite-based client-side database already without any user prompts.

surely the very first question when confronted with a download request is "what is the intent of this download?", "what is it intended to do?". Until that is answered I don't download, really simple, security is just a subset of that. Install in general suffers the same problem.

In case you haven't gathered I'm one of the many who hasn't a clue what Google Gears, or any of the many other downloads on offer, does, or why I might need it.

"Avoid Gears when used by smaller organizations that might not have sites well defended against malware."

NO.

That comment is tantamount to a direct attack on SMBs. Money != security - Windows is the archetypal example of that. Just because SMBs don't spend millions on security doesn't mean their sites are not secure. Security is a matter of common sense and comprehensive testing, not the size of your bank account. And the attitude behind the comment - that SMBs are untrustworthy and you should only deal with large multinationals - is playing into the hands of big business and denying small ventures a slice of the market by spreading FUD about the supposed insecurity of SMB sites. As if the big sites are any more secure - witness Facebook and MySpace security as an example. Shame on you.

As the IT Manager for an SMB web developer, security of all our sites is my foremost concern. All our back-end code is developed in-house and tested exhaustively against all known attacks before being deployed. All user input is escaped and parsed before being processed, all our back-end scripts are refreshed daily from backups in case any become compromised, complete logs are kept of all site activity, and I liase regularly with our hosting provider on security issues. Yes, there have indeed been a few hack attempts on our sites (mostly attempts at XSS injection and uploading images containing malware) but so far all have been successfully foiled and all details have been forwarded to the relevant authorities.

Our clients rely heavily on their websites, and the few customers they can glean from major sites, for their relatively meagre income, and FUD like this doesn't help their cause. If everyone adopted this attitude towards SMBs, we would soon see a nice unsafe Internet with only 4 or 5 constantly-hacked websites ruled by a few massive corporations. Do not want.

Google Gears looks like it has the potential to make many webmasters' lives easier and allow the creation of much more effective and personalised websites. Don't let this innovation become the province only of the big players. Just as the terrorists win if we lose all our freedoms, so too the spammers and scammers win if your fear drives all but the major players off the Internet.

Not completely sure on this point, but afaik isn't Google Gears using a SQLite backend - i.e. there is never a question of file storage nor of executable content- it's a normal relational database.

You can't run a file through it any more than you can through javascript [and there's the rub]

Additionally, the level of trust in the URL is somewhat irrelevant, if you didn't have gears you wouldn't have seen anything different that would stopped you using javascript?

Gears uses SQLite, but not solely SQLite. It also enables a local resource store/server for other types of data.

Tim

You have the problem in a nutshell.

User sees that www.dodgymalware.ru wants to use Google Gears. User goes: "Ooo, Google, of course I trust them, they're lovely non-evil people." and a botnet enlarges itself.

Given the number of existing ways of doing stuff on a user's PC via a browser, why Google think we need a new one (with all the commensurate scope for lurking holes) rather than just using one of the existing, battle-hardened veterens is beyond me. I, for one, will be clicking the "shove it up your arse" button when I get this dialogue.

Surely everyone's missing the the obvious? The crux is that Gears is a piece of software that runs inside a browser, at the browser's discretion and under the browser's supervision. The user ought to be able to look at the browser logo and think "I know I'm safe with anything running inside this".

It shouldn't matter whether Gears is a product of Google, USA or Giggle, Sidcup, the security buck should stop with the browser, which should isolate Gears' data (whether SQL DB or exe or HTML or whatever) within the browser's execution context, and cache it within a private disk area.

And what's so special about Gears when we're talking about access to local disk resources? The browser should provide a caching facility to any other app wanting to preserve state.

It all boils down to the ever increasing prominence and functionality of the browser and the net and it's encroachment into the arena formerly dominated by OS-dependent applications. Microsoft has finally cottoned on to this and is scrambling to play catch-up.