[google-gears] Re: Offline security - John Ripley - com.googlegroups.google-gears

4 messages in com.googlegroups.google-gears[google-gears] Re: Offline security

From	Sent On	Attachments
no-jo	19 Apr 2008 21:53
sobolanul	22 Apr 2008 07:42
John Ripley	22 Apr 2008 07:55
Chris Prince	22 Apr 2008 11:02

Subject:	[google-gears] Re: Offline security
From:	John Ripley (jrip...@google.com)
Date:	04/22/2008 07:55:15 AM
List:	com.googlegroups.google-gears

There's two different attack vectors being mixed up here:

1) Securing against malware with access to your computer while you're using it (e.g unaware of a trojan).

2) Securing against someone taking your database (e.g stolen laptop).

Case 1) is pretty much impossible.

Case 2) is possible to secure against, but would require a password every time you accessed that site (offline or otherwise). I'd be perfectly happy with that if it were available today.

2008/4/22 sobolanul <edua...@gmail.com>:

I think is impossible to develop a a secure offline application. As long as data are on my computer I am 100% sure that I can retrieve them. Even using fancy algorithms to crypt the content of the local DB and obfuscate the js code, in the wort case I will get the gears source code (are public as I know) and I will compile my own gears addon to read the locally stored data. What is best that you can do is to store locally only local inserted data and any "interpreting" of the data to be done after coming back online. If you store the quiz correct answers locally, you have no chance to keep them secret.