Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I wonder what are the security implications. I just opened a random URL and an arbitrary application was launched inside my Internet OS desktop. What if someone gives me a link to a malicious password stealer, for example? I think a permission system would be nice.


There is a permission system I think. It's described in the developer docs:

> […] your app will get a few things by default: […] An app directory in the user's cloud storage […] A key-value store in the user's space […]

> > Apps are sandboxed by default! Apps are not able to access any […]

https://docs.puter.com/security/

I guess that refers to the cloud storage/backend. Clientside apps seem to run as IFrames, so should be subjected to normal browser sandboxing (…and actually, I guess, multiprocessing too), with only explicit message-passing.

Honestly I think the developer API could have been better highlighted by this HN post. Puter's actually doing a bit more than the Desktop Environment mockup that's visually apparent, and not featuring that seems like a wasted opportunity to pick up some app developers.


Maybe it could be "sandboxed" in an iframe?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: