I had to see it to believe it. Some clever bod has created a simplified version of photoshop, that requires only your browser.
http://www.pixlr.com/app/
http://www.pixlr.com/app/
-
-
That is brilliant (good old Flash eh?
). Can't find a text tool, but it's probably in there somewhere or on the way.
-
Comment
-
Is there any risk here using online programs that have full access to you computer, i.e its a open door for someone to use or can you limit their actions to stop them grabbing your data and sending it back, especially something like this that you may be using for a couple of hoursChris AshdownComment
-
My understanding is that this is one or more Flash files (.swf) which download to your browser to run, so your images stay on your side, they don't go server side. Also, I think there are security measures built into Flash to make sure that SWFs can't go roaming round collecting and sending data, otherwise it wouldn't have gained acceptance. That's not to say that there might not be issues with non-Flash sites where your data goes and/or is stored server side, but that's a different issue.Comment
-
this app has limited access to your system, since in order to put images in there, you need to upload them.
the only problem here is that the images will be cached on the server while you work on them. no major problem for most. This app is in flash, and uses your browser cache too. it cannot however, drop anything malicious in there.
there are some interesting online apps, and in each case, its wise to investigate (google) them thoroughtly, for ny mishaps with other peoples data.Comment
-
Gabe - are you sure that the images go to the server, since a Flash file runs on your PC, not the server?Comment
-
If you download and run the pixlr.swf locally you see that you cannot save the files - so I have a feeling the files are uploaded. They also mention on the blog about the average files breing 590Kb.Comment
-
Hi GabOriginally posted by gabrielcrowe View Post
You are obviously far more knowlegable than me, who is just a shop keeper who dabbles, but whilst this program does ask for the image, I was wondering if a dishonest programer could write this sort of software appearing very usefull but in the background harvesting info from your computer
This is not just related to this program but any simular ones that may use flash, afterall everyone thought XP was very safe when it was released but how many security alerts have there been since it went on sale
(I am getting paranoid about security and backups I know)Chris AshdownComment
-
both flash and javascript are sandboxed and do not have access to your filesystem.
flash accepts an upload via a html form, and is subject to the sandboxed nature of the browser.
in fact, the uploaded image path is not disclosed it cannot be used on the server, only the raw data from the file and its filename.
in javascript, you cant even extract the filename from the upload box/button combo using the dom model.
the worst thing that flash can do is inject text into your clipboard. it has a function called SetClip() or some such thing. This was recently documented, with some examples. Flash can also, activate your webcam, and stream it, and activate your microphone and stream that. All of the above require your permission, in the form of a popup thingy.
It is possible for a malicious programmer to write an activex *shivers*, for IE, that can access the filesystem. Take a look at online virus scanners for example. This is also possible in the Java applet world. Most browsers do a fair job or warning people of the danger, with security popups and such, but it seems people 'get used' to them, and just press 'yes, pillage my filesystem' anyhow.
typically, its all about trust.Comment
-
Thanks Gab
Nicely describedChris AshdownComment
.
Comment