by maria2
1281 days ago
Can you give a specific example of what is wrong with Min's security configuration, assuming it is following Electron best practices? Asserting that the security model is bad and linking to Electron's security tutorial is not helpful.
For a single specific example, look at the information on permissions and compare to how Min handles them. I also see no functionality that attempts to determine if code is malicious or not. Chrome does have measures in it to do this.
That said, I need to be clear. The matter at hand is not a matter of mere configuration and cannot be addressed by better configuration of Electron. Chromium was designed and built to run in a very hostile context. Electron has been built to run in a much more trustworthy context. There is no amount of configuration that will turn the latter into the former because it is not purely a difference of configuration.
Electron's security model is not bad in any absolute sense. It's designed for a particular context and set of scenarios. Dropping it into a very different one with very different needs makes it a poor fit for the job at hand. You may as well descend into a volcano with a home stove potholder.
I hope this has clarified matters. I understand that some people will be very discouraged by the stance I have taken on this. I have no desire to crush their dreams, only to ensure they make good and wise decisions around security.