When adding a folder from your local filesystem to the Chrome DevTools workspace, you'll receive a dialog banner which warns you to "not expose any sensitive information" before you grant access.
What are the specific risks associated with doing this? Is the workspace vulnerable to access by extensions? Script injection?
Official response -
"We use the same api as a regular website/chrome app, so it’s not something specific to devtools. I guess in theory if you map you workspace maps to a malicious site and then you live edit your site with devtools open the site might be able to detect your edits? That’s pretty convoluted though.
We assume that information in the workspace is data for your project. I wouldn’t add /etc/passwd to a devtools workspace."
From the review -
"How does one revoke access? If I make a mistake, I can remove the .allow-devtools-edit file. I don't see a way to do this with the new approach.
I'm not sure an infobar is strong enough. There's a class of users that will click this but would never be willing or savvy enough to put the .allow file onto their machines."
As well as -
"The message ought to be scarier, talking about ensuring that there isn't sensitive information in that directory."
Not much, but the original issue for the previous method (adding a file to the folder for allowing it to be mapped also says -
"DevTools needs file system access to allow developers edit/add sources (even those that are not loaded from server, e.g. deployment descriptors, server scripts).
We plan to use File System API (isolated file system).
To add a folder to DevTools users will need to
1. Add an empty .allow-devtools-edit file to the folder (for security purposes)"
I guess because Developer Tools extensions might then be able to read the files you mapped, it can expose highly sensitive information, like unencrypted user names and passwords that might be found in configuration files.
Related
When I wanted to export the model I was working on as a Java application, I encountered an error regarding the databases I loaded into the model. When I said OK to the error, I realized that all the files in the folder I wanted to create the Java application were deleted. That folder was desktop by the way.
Right now all the files (i mean all of them!) on my desktop are deleted and they don't even show up in the recycle bin. How are we going to solve this situation? How can AnyLogic have the authority to delete all files in that folder? How is this authority not shared with me and not warned beforehand?
When you work with software in general, you need to have a version control in place that will allow you to recover your information. These problems occur, and if AnyLogic has access to your computer it's because you grant the permission and it needs the permission. If you make your desktop your project folder, then i would say you are to blame.. why would you do that...
Using GIT as Ben commented, is always a good idea... but it requires you to be conscious about when you commit a version.
What I do, is I use dropbox and all my projects are done in a dropbox folder... the good thing is that dropbox always saves automatically all the files on the folder... this has saved my life multiple times and I suggest you to do something like that in the future. So on one hand you have the autosaving features, which is useful, but sometimes you erase everything by mistake, and the autosave is not useful, but dropbox saves no matter what.
I've written a short swift code to add a button to the finder which creates a new blank file at the current directory via a system touch call. The extension gets the current directory fine (via FIFinderSyncController.defaultController().targetedURL()), but the touch command failed due to sandboxing. How do I ask for permission for the write access? The user-selected file option is not triggered for my code.
As far as I know this should not be possible within Finder sync extension. However, as the workaround you may transfer this functionality to the main application - first ask user to drag drive, where functionality will be enabled, to the app main window, save security bookmark, and then send command from Finder extension to the main app.
You should be able to use a temporary exception entitlement as described here. More specifically, one of the two entitlements should be sufficient:
com.apple.security.temporary-exception.files.home-relative-path.read-write
com.apple.security.temporary-exception.files.absolute-path.read-write
As noted in the documentation, you should submit your reasons for needing a temporary exception entitlement if you plan on submitting your app to the App Store. (I've never gone through this procedure, so I'm not sure how what this process is like).
As far as I know, this isn't possible, and furthermore, this is not the purpose of Finder sync extensions. Apple says here that:
Make sure the Finder Sync extension point is appropriate for the functionality you plan to provide. The best Finder Sync extensions support apps that sync the contents of a local folder with a remote data source. Finder Sync is not intended as a general tool for modifying the Finder’s user interface.
If you want to modify Finder to do what you purpose, you'd have to:
Use a temporary exception entitlement, which will de facto cause your app to be rejected; or
re-think your approach
I'd suggest the latter. Apple is making it more and more difficult to modify the system with every release (for better or for worse). If you need this functionality, file a bug report requesting it.
Theres a few questions similar to this, so I'll try to be clear as possible.
We have an existing, fairly large and complex, GWT webgame I have been asked to make work offline. It has to be offline in pretty much the strictest sense.
Imagine we have been told to make it work off a CD Rom.
So installation is allowed, but we cant expect the users to go to a Chrome/Firefox store and install it from there. It would need to be off the disc.
Likewise, altering of the browsers start-up flags would be unreasonable to expect of users.
Ideally, it would be nice if they just clicked a HTML file for the start page and it opened in their browsers of choice.
We successfully got it working this way in Firefox by adding;
"<add-linker name='xsiframe' />"
To our gwt.xml settings. This seems to solve any security issues FF has with local file access.
However, this does not solve the problem for Chrome.
The main game starts up, but various file requests are blocked due to security issues like these;
XMLHttpRequest cannot load file:///E:/Game%20projects/[Thorn]%20Game/ThornGame/text/messages_en.properties. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource.MyApplication-0.js:34053 com_google_gwt_http_client_RequestBuilder_$doSend__Lcom_google_gwt_http_client_RequestBuilder_2Ljava_lang_String_2Lcom_google_gwt_http_client_RequestCallback_2Lcom_google_gwt_http_client_Request_2 MyApplication-0.js:34053
Now I was aware same origin policy issues might popup as during development we often tested locally using flags in chrome to bi-pass them.
Thing is...now I dont know how to get around them when we cant use startup flags.
Obviously in the example given its just the .properties file GWT uses to get some language related text. I could dump that inline in one way or another.
However, its only one of many,many,many files being blocked.
The whole game was made to run off *.txt game scripts on the sever - to allow easy updating by non-coders. Really the actual GWT code is just an "engine" and all the XMLHttpRequested files supply the actual "game".
These files are of various types; csv, txt, ntlist, jam.
The last two being custom extensions for what are really just txt files.
All these files are blocked by chromes security. It seems from what I can make out only images are allowed to be accessed locally.
Having all these files compiled in would just be impossible, as they are not fixed in number (ie, one central .txt file determains various scene .txt files which in turn determain various object files and directory's...).
Putting all this into a bundle would be nightmare to create and maintain.
So in essence I need some way to supply a offline version of a GWT project that can access a large number of various files in its subdirectories without security issues.
So far all I can think of is;
A) Theres something I can tell chrome via html or gwt that allows these files to be read in Chrome like FF can. (I suspect this isn't possible).
An alternative to XMLHttpRequest maybe?
B) I need to somehow package a game+a webbrowser in a executable package that has permission to access files in its directory's. (http://www.appcelerator.com/titanium ? ?? ).
C) I need to package and have the user run a full webserver that can then deliver all these files in a XMLHttp accessible way.
D) Bit of a funny one...we cant tell the user to add flags to browser start up...but Maybe I could write a game installer which just detects if they have Chrome or Firefox. It then opens up the games html in their browser with the correct flags for them? This would open up security issues if they browse elsewhere with that instance though, so Id presumably need other flags to disable the url bar if that's possible.
I am happy to make various changes to our code to achieve any of this - but as mentioned above theres no way to determain all the files needing to be accessed at compile time.
And finally, of course, it all has to be as easy as possible for the end user.
Ideally just clicking a html file, or installing something no more complex then a standard windows program.
Thanks for reading this rather long explanation, any pointers and ideas would be very welcome. I especially will appreciate multiple different options or feedback from anyone that's done this.
========================================
I accepted the suggestion to use Chromiumembedded below.
This works and does what I need (and much much more)
To help others that might want to use it, I specifically made two critical changes to the example project;
Because CEF needs a absolute path to the web apps local html, I wrote a c++ function to get the directory the .exe was launched from. This was a platform specific implementation, so if supporting a few OS's (which CEF does) be sure to write dedicated code for each.
Because my webapp will make use of local files, I enabled the Chrome flag for this by changing the browser settings;
browser_settings.file_access_from_file_urls = STATE_ENABLED;
These two changes were enough to get my app working, but it is obviously the bare minimum to make a application. Hopefully my finding will help others.
I'd suggest going the wrapper route. That is, provide a minimal browser implementation that opens your files directly. Options are Chromium Embedded[1]. If the nature of the application absolutely requires the files to be served as non-file urls then bundle a minimal webserver, have the on-disk executable start the server and open the bundled browser with whatever startup arguments you want.
[1] https://bitbucket.org/chromiumembedded/cef
Sometimes when we issue an upgrade to our application we need to install some files to the application's Data folder. We want to make it possible for the users to move this folder to a place of their liking. But how to deal with this at install time?
I was thinking of deploying to the user's AppData folder and have the application somehow check there for new files at startup.
Any advice or references would be very welcome!
We use InnoSetup for a VB6 application if that matters for your answer.
Generally the best solution I've found is to allow the user to move the folder from within the application.
This allows the application to keep track of where its data is being kept (by adding a reference to it in a file or registry entry which it accesses at load time) and to access it seamlessly in the future.
Your update routines can then also access this information to determine where to place the update files.
Alternatively, make sure the folder name is as distinctive as possible and add a search routine to look for the directory in a number of sensible places at load time. Then write your manual specifying that the data folder can be moved to one of those locations ONLY.
Wouldn't the users just run an update or patch package? I'm not sure why they'd want or need to see such files. It's pretty rare for commercial software to offer users the options of where to store program settings and other internal-use files.
Give some thought to this before putting a lot of stuff into users' roaming profiles. You might want LocalAppData instead.
I'd sooner not just permanently have a bunch of files checked out to me, but I'd like a way to prevent some really critical files being changed without my being aware of it.
PS Yes I know SourceSafe is terrible.
You can only set access rights on a project by project basis.
This is done by running the the Source Safe Administration application and then go to Tools > Rights By Project. Select the required project and then give a users the required priveledges.
In order to protect a subset of files place them in a seperate project and hence protect the subset.
When you go into Source Safe if you set the working folder of the sub folder to be the same as the parent then when you do a get latest etc. all the files will be in the same folder. If you want the protected files to be in a seperate folder then set the working folder accordingly.
It's been a while since I've had to use Source Safe but I don't think it has this kind of functionality built it.
Can you set up a separate repository/instance that excludes the users who shouldn't be allowed to modify them?
Or failing that, just keep the files always checked out on your machine :P
check them out locked exclusive