Page created: Jun 16, 2009

Security


Opera is known for the security of its software, and they explain quite a bit about the security of the apps here. It seems that the code runs in a "sandbox" rather than in the wild.

Still, I'd like to point out that, of all the browsers on the market, Opera was always the most secure one. This is confirmed by my experience using it for years.

VMware

But if you are seriously worried about safety, you can run Opera inside VMware (although this probably wouldn't be as trivial as it sounds).

The plan: take any small Linux distribution (probably something like DamnSmallLinux or PuppyLinux), run it in VMware Player, and compile Opera from here.

Opera provides a .deb for Debian-based systems, but I'm unaware of any small Linux distribution that is Debian-based.

File Sandbox

The filesystem used by Opera Unite is located deep in the /Documents and Settings/ folder, so there is no real way to load a file with an absolute path (i.e. get out of the sandbox and do something nasty). For further explanation, see the fileio docs.

In short, you can only access the storage folder (where your app can create files), the application folder where your app resides (in read-only mode), or a folder explicitly specified to be shared by the user.


XSS attacks

I'm not sure, but cross-site scripting attacks are (maybe) possible. Although Opera has probably done some work to prevent this, it would still be wise to escape all "<" symbols in all incoming data to "&lt;".
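
An added example (not from the original page or from Opera) showing why rewriting only "<" is not enough once incoming data ends up inside an attribute value. It is plain JavaScript with no Opera Unite API calls and goes beyond the text by covering all five HTML-significant characters and link schemes; `escapeHtml`, `escapeLtOnly`, `safeHref`, `renderEntry` and the sample entry are assumptions made up for illustration.

```javascript
// Added example: output escaping for incoming data (no Opera Unite APIs used).
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can switch the HTML parsing context.
// A single pass avoids double-escaping the "&" of entities produced here.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// The minimal rule from the text: only "<" is rewritten.
function escapeLtOnly(value) {
  return String(value).replace(/</g, '&lt;');
}

// Links from incoming data: allow only http(s), everything else becomes "#".
function safeHref(url) {
  const s = String(url === null || url === undefined ? '' : url).trim();
  return /^https?:\/\//i.test(s) ? escapeHtml(s) : '#';
}

// Hypothetical guestbook entry: "note" lands in an attribute, "name" in text.
function renderEntry(entry, esc) {
  return '<li title="' + esc(entry.note) + '"><a href="' + safeHref(entry.site) + '">' +
         esc(entry.name) + '</a></li>';
}

// Constructed sample input, as it might arrive in a form submission.
const sampleEntry = {
  name: '<b>Bob</b>',
  note: 'hi" onmouseover="x',
  site: 'https://example.org/?a=1&b=2',
};

// With "<"-only escaping the quote in "note" closes the title attribute early,
// so the rest of the value is parsed as a new attribute.
console.log(renderEntry(sampleEntry, escapeLtOnly));
// With full escaping the whole value stays inside title="...".
console.log(renderEntry(sampleEntry, escapeHtml));
```

Apply the escaping at the point where data is written into HTML, not when it is stored, so the same stored value can be escaped correctly for each output context.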


Slava V.

