Hacker News new | ask | show | jobs
by luser001 4823 days ago
Interesting.

It would nice if Chrome separated 'DOM write' permissions from 'DOM read' permissions. AFAIK, today extensions can't request only 'read' permissions.

Yes, I understand that it's a pain for new Chrome developers to have to understand the permission system among other things. I liked the easy ACLs of Chrome when I started.

So maybe they could allow permissions to be written in two different ways in the manifest file? Today's quick-and-dirty coarse-grain permission system would co-exist with a fine-grain permission system that would use new directives.

I'd love to prove to my users that my extension is in fact not malicious.
1 comments
DeepDuh 4823 days ago
> Yes, I understand that it's a pain for new Chrome developers to have to understand the permission system among other things. I liked the easy ACLs of Chrome when I started.

That's a good thing IMO. Anyone who doesn't understand permissions and how to handle them, shouldn't be able to release anything in any app store.

link
luser001 4823 days ago
You probably knew this, but you can write and distribute Chrome extensions without having to upload them to the chrome app^Wweb store.

Second, I've tried to work twice with Doing-It-Right (i.e., fine-grain) permission systems. Once with apparmor and earlier with SE Linux. With AppArmor, I wanted to set up rules to prevent Skype from reading any except a couple of directories. The sheer number of permissions I had to configure was exhausting and I gave up. Maybe I missed something simple, but that's why I'm not clamoring for the current simple, but coarse-grain permission system to be abandoned.

link
DeepDuh 4823 days ago
Well yes, grown-over-time permission systems are also at fault when it comes to the lack of security in third party extensions/apps. IMO unix is still the standard in terms of simplicity and power of permissions - if the system architect separates concerns correctly into different base entities ('files'), the permission system just falls into place. You know what other system did this pretty much perfectly? Lotus Notes. Yes, I'm serious - it's a document based DBMS with per-document permissions where everything is a document, including the application design, contacts, logs, calendar entries. Too bad its UI is still stuck in the early 90ies.
link