
ubuntu-phone team mailing list archive

webapps and script injection


Hi all,

there is a somewhat sparsely documented feature of webapps that allows you to specify --webappModelSearchPath=. as a parameter of webapp-container in the .desktop file and have a file called webapp-properties.json in the project. This can specify a script to be loaded into the webapp, which you can also put in the package or possibly on a remote server. An example of this can be found here: http://bazaar.launchpad.net/~sil/+junk/seshat/files

Now this got me thinking about all the awesome stuff I could do with this: I could write a webapp that wraps my online banking and PayPal and then scrapes the statements and offers to reconcile stuff against my Odoo server or something. Awesome. Someone else could do this too, and write a webapp that wraps a bank and does evil stuff; this would then instantly pass all the automated tests and be published in the store ready for people to start using. This is a bit of a worry. I did install the HSBC app when I got the phone, but I didn't run it until today when I figured out how to read the source (it is in /opt/click.ubuntu.com/hsbc.krysztau); however, I fear that I am a bit of an outlier and most people will run a banking application without first reading the packaging source and checking for evil stuff.

Perhaps it would be an idea to have a manual review process for webapps that insert stuff where the developer can't prove that they control the website in question.

Alan.
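As an added example, not part of Alan's message and not code from the webapp-container project: a small POSIX shell audit that does by script what Alan did by hand. It walks an installed click tree (by default /opt/click.ubuntu.com, the path mentioned above), reports every .desktop file that passes --webappModelSearchPath to webapp-container, and lists any script file names and URLs found in the webapp-properties.json next to it. It does not assume the JSON key names (the page does not give them); it simply pulls out every quoted string that looks like a .js file or an http(s) URL. The fixture it builds for the demo (the package names, the "scripts"/"includes"/"homepage" keys, the bank and script URLs) is constructed and not taken from any real package.

```shell
#!/bin/sh
# Added example: audit a click package tree for webapps that inject scripts.
# Not the project's code; see the lead-in for what is assumed.

# audit_webapps ROOT
#   Prints "INJECT <desktop>" for each .desktop whose Exec line passes
#   --webappModelSearchPath to webapp-container, followed by the .js file
#   names ("script:") and http(s) URLs ("url:") quoted anywhere in the
#   webapp-properties.json beside it. No JSON key names are assumed.
audit_webapps() {
    root="${1:-/opt/click.ubuntu.com}"
    find "$root" -name '*.desktop' 2>/dev/null | while read -r desktop; do
        grep -q -e '--webappModelSearchPath' "$desktop" || continue
        dir=$(dirname "$desktop")
        props="$dir/webapp-properties.json"
        printf 'INJECT %s\n' "$desktop"
        if [ -f "$props" ]; then
            # Crude but key-agnostic: every quoted string in the JSON.
            grep -oE '"[^"]+"' "$props" | tr -d '"' | while read -r s; do
                case "$s" in
                    http://*|https://*) printf '  url: %s\n' "$s" ;;
                    *.js)               printf '  script: %s\n' "$s" ;;
                esac
            done
        else
            printf '  (no webapp-properties.json found next to .desktop)\n'
        fi
    done
}

# make_fixture
#   Builds a constructed sample tree with one injecting webapp and one plain
#   webapp, and prints the temporary root. Package names, JSON keys and URLs
#   are invented for the demo.
make_fixture() {
    fx_root=$(mktemp -d)
    mkdir -p "$fx_root/evilbank.example" "$fx_root/cleanapp.example"
    cat > "$fx_root/evilbank.example/evilbank.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Name=Evil Bank
Exec=webapp-container --webappModelSearchPath=. https://bank.example/login
EOF
    cat > "$fx_root/evilbank.example/webapp-properties.json" <<'EOF'
{
  "name": "Evil Bank",
  "homepage": "https://bank.example/login",
  "includes": ["https://bank.example/*"],
  "scripts": ["inject.js", "https://example.com/remote.js"]
}
EOF
    printf '// constructed: script that would be injected into the bank page\n' \
        > "$fx_root/evilbank.example/inject.js"
    cat > "$fx_root/cleanapp.example/cleanapp.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Name=Clean App
Exec=webapp-container https://clean.example/
EOF
    printf '%s\n' "$fx_root"
}

# Demo on the constructed fixture rather than the real /opt/click.ubuntu.com.
fixture=$(make_fixture)
audit_webapps "$fixture"
rm -rf "$fixture"
```

Run it against the real tree with `audit_webapps /opt/click.ubuntu.com` (as a user that can read the package directories); a remote URL under "script:" or "url:" in a banking webapp is exactly the case Alan is worried about, since the injected code can change after the package has passed review.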

