Google Gears: A bit unsafe?

Google has recently presented Google Gears, a local DB storage system that currently lets you read feeds offline, and will be used in Google Docs and probably other services in the near future.

I tried it for some days, but I've actually uninstalled it, because it feels a bit unsafe to me.

First, on the online side there are possible XSS flaws that could be exploited. SQL injection was feared too, but it seems that the Gears DB API uses bind parameters, which are immune to SQLi.

And second, the data is located in a SQLite database, without any authentication. You can open it with SQLite Database Browser, for example.
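Both points above, as an added Python example that is not part of the original post and does not use the Gears API itself. It uses Python's `sqlite3` module on a constructed database (the `feeds` table and all helper names are assumptions) to show that a bound parameter keeps hostile input as data, and that opening the file needs no credentials, only filesystem read access.

```python
import os, sqlite3, stat, tempfile

def build_store(path):
    """Create a constructed stand-in for an offline feed store."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE feeds (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.executemany("INSERT INTO feeds (title, body) VALUES (?, ?)",
                   [("news", "public item"), ("private", "draft notes")])
    db.commit()
    db.close()

def find_concat(db, title):
    # Vulnerable pattern: the input becomes part of the SQL text.
    return db.execute("SELECT title FROM feeds WHERE title = '" + title + "'").fetchall()

def find_bound(db, title):
    # Bound parameter: the input is passed as a value, never parsed as SQL.
    return db.execute("SELECT title FROM feeds WHERE title = ?", (title,)).fetchall()

def audit(path):
    """Report what any local process with read access to the file can see."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    db = sqlite3.connect(path)  # SQLite asks for no user name or password
    tables = {}
    for (name,) in db.execute("SELECT name FROM sqlite_master WHERE type='table'"):
        tables[name] = db.execute(f'SELECT COUNT(*) FROM "{name}"').fetchone()[0]
    db.close()
    return {"tables": tables,
            "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH))}

def demo():
    path = os.path.join(tempfile.mkdtemp(), "store.db")
    build_store(path)
    os.chmod(path, 0o600)  # owner-only: the file mode is the only access control
    db = sqlite3.connect(path)
    hostile = "x' OR '1'='1"  # constructed input
    result = {"concat": find_concat(db, hostile), "bound": find_bound(db, hostile)}
    db.close()
    result["audit"] = audit(path)
    return result

if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every row for the hostile title while the bound query returns none, and `audit` shows that the table list and row counts are readable by whoever can open the file.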

Right now an attacker would just get your feed data, but what if GMail and Google Docs went offline too? Then they would be able to get more sensitive data... And that's something I don't like to be afraid of.

I hope they add additional security, because the tool itself is useful.

Published 11 June 07 by Kartones
