Google – Chrome Packaged Apps – Security Model
The Accurate Source To Find Quotes To Google – Chrome Packaged Apps – Security Model.”
[Google – Chrome Packaged Apps – Security Model]
[Adam Barth – Software Engineer] Source: LYBIO.net
Hello! My name is Adam Barth and I work on the Chrome teamâ€™s packaged apps effort. I am here to talk to you about the security model of packaged apps. Packaged apps have access to features and services that a normal web app would never have access to. Users need to be confident that the apps they install will not behave in unexpected ways that endanger their system. Chrome has a variety of defenses and protections that make it easier for you to create safer apps.
The first is process and storage isolation. One of the foundations of the web security model is that a web app or site on one domain is not allowed to affect the data held in another. This same principle is upheld for packaged apps too. Even though an app is installed, actions inside it should not be able to directly affect data in another. Each packaged app runs in its own process, so if something goes awry it will not directly affect apps running on the userâ€™s system. The data stored in each app is also sandboxed and isolated from other packaged applications installed on the userâ€™s system. This means that a file saved in the app will only be visible to the app and the user that created it.
Secondly, Chrome makes use of a technology called Content Security Policy, commonly known as CSP. This technology helps protect users and developers from common cross-site scripting attacks that can be found on the web. In fact CSP is enforced by default for every packaged app. Because packaged apps have access to even more features than a web app, CSP has disabled some features that you might expect as a developer such as: Inline scripts like click handlers and