[cap-talk] Google Chrome - web browser with sandboxed rendering
Karp, Alan H
alan.karp at hp.com
Tue Sep 9 11:31:12 CDT 2008
David-Sarah Hopwood wrote:
>
> True, but note that a Chrome sandbox [*] can have much tighter
> permissions
> than a Polaris sandbox, precisely because it is only running new code
> with
> no compatibility constraints. The approaches are complementary.
>
Agreed. However, not having access to any files seriously limits the kind of applications you can write. Even casual games need to store their state somewhere. The worst problem we've run into giving a program full access to a restricted user account is when the program leaves a remnant detected by the virus scan, and Corporate IT makes us run remediation software that ties up the machine for two hours.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list