
I do love this idea, but it bothers me from a security standpoint. Is there a way to do something like this without giving the author explicit control of all of my online data?



The author has NO control whatsoever of your data.

- Pigshell is a 100% client-side Javascript app. There is no server side. pigshell.com is a dumb static html/js/css server.

- All data (username/password as well as user data like photos and files) travels directly between the user's browser and the provider (e.g. google.com, facebook.com). pigshell.com is not involved at all.

- Pigshell is free software - you are free to download the source code, examine, modify and run it locally yourself. (https://github.com/pigshell/pigshell)

- Our privacy policy is minimal because we know NOTHING about you - not your name, email address, facebook id, nothing. Only your IP address is recorded in apache logs, which is the case with every website you visit.

What is more, we don't want to know. Pigshell has been deliberately designed so as to afford maximum privacy and freedom to the end user.


I don't really doubt you or your intentions, but I guess I might just not understand how authentication works for something like this.

When I try to sign in with Google Drive, it tells me that PigShell (developer email: xxxx@gmail.com) would like access to my Google Drive, as well as my photos and videos. Does that give your API key access to my account, or does only code that I run that's hosted on pigshell.com have access? What do the permissions get tied to? And how would it work if I were to host it locally?


We use OAuth2 client-side flow. Many pure client-side apps use the same technique - pigshell is not blazing any new trails here.

Only the code you run that's hosted on pigshell.com has access. The permissions are tied to the app-id which is embedded in the code. The access token is persisted in your browser either as a cookie or explicitly in localStorage.

We don't and won't support OAuth 1 (Twitter, Flickr etc), which lacks a pure client-side flow, just to avoid the issue of users having to trust the pigshell.com server to generate (and not leak or misuse) the access tokens.

Here is a rough guide to local setup:

- Check out the git sources, run "make" (some more details here, but reading the Makefile should help)

- Set up apache to serve the virtual host pigshell.com (if you want to use Dropbox, you need to create a self-signed SSL certificate and set up https as well)

- Modify /etc/hosts and set 127.0.0.1 to point to pigshell.com

This way, static assets as well as redirect URLs from the OAuth2 server will hit your local server rather than pigshell.com.


One way to look at it ...

The "application" Pigshell (a copy of the javascript downloaded from the "site" pigshell.com and running in your browser is an instance of the "application") requests and, say, is granted access to your GDrive.

So all permissions/rights are associated with the running instance of the "application" pigshell in your browser - cookies apart, end of story.

Other than having served the javascript, the "site" pigshell.com has no further role to play here. So you could just as well have sourced/hosted these javascripts locally.


Hosting locally makes sense, I guess, or at a server you control, using your credentials.

