Find solution
How can I add extension to browser from ExtJs application?

From an information security perspective, which is less risky: downloading a Windows application or adding a browser extension?

  • Our B2B SaaS product can either be delivered via a downloadable windows program or as browser extension.  There are pros and cons to each from an information security perspective.  We want to focus on the path that will incur the least resistance from our client's IT and Information Security departments. We are targeting large SaaS companies (eg, think SalesForce, MailChimp, or Tableau) who are actively developing new products and features.  We provide automated QA via a SaaS model.  To get to these QA environments, our service needs to have access behind these firewalls.  And, this requires use of either an executable program or a browser extension. Which option is likely to give the IT or IS department staff the least amount of heartburn? If more information is needed to answer the question, then indicate what questions you have.  And, thanks!

  • Answer:

    From a Security perspective I would have to go with an application ... You must be signed in to read this answer.Connected to GoogleConnected to FacebookBy continuing you indicate that you have read and agree to the .  Loading account...Complete Your ProfileFull NameChecking...EmailChecking...PasswordChecking...By creating an account you indicate that you have read and agree to the .

Quora User at Quora Visit the source

Was this solution helpful to you?

Other answers

I believe it would be easier for an IT department to control an application vs. a web plug-in to a SaaS application.  Either way, the application or extension needs to be controlled with the proper rights.  Web browsers have the most exploits published and utilized.  An active-x control, commonly used to enable SaaS applications, combines the vulnerability of a web browser with the capability and connections of the application - a very dangerous mix. A generic application (including IE, Firefox, etc) can be controlled by implementing a least privilege model.  This essentially takes all the rights away, then adds back only those rights required for an application to operate.  Software like Arellia has been controlling privilege for applications for 7 years now.  Look for exciting developments in active-x control coming up!

Jake Taylor

From a security perspective, I would say that the plugin would be a more discrete and clear way of showing how much information you are asking from the end user, since you're subjected to asking for permissions explicitly from the user. This in a way boosts the credibility of plugin in question, since users generally tend to trust their browsers (given that most people spend their time these days on browser). On the other hand, an executable generally runs without any secure sandbox and hence can read/alter many things on a computer without need of explicitly notifying the user, which kinda makes it less preferable from an end-user's perspective.

Adarsh Jagannatha

It is more important what the program does rather than how it is delivered (browser extension/application). Personally, I would favour application from usability / management perspective (as supporting install/uninstall/problems on several browsers might be a bit messier). Also, IT would be more in control installing such program (compared to browser extensions that are stored in user browser profile).

Giedrius Majauskas

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.