1. Field of the Invention
Embodiments of the present invention generally relate to techniques for accessing local computer system resources. More specifically, embodiments of the present invention relate to a method and apparatus to access local computer system resources from an isolated application (e.g., a browser) which has limited or no access to the local computer system resources under normal circumstances.
2. Description of the Related Art
Computer systems are often subject to unauthorized access attempts by malicious software and users. Such malicious entities gain access to sensitive system resources and data. These resources may include sensitive system files, input/output devices, system configuration data, user information, file operations, or any other resource to which a malicious entity should not have access. In order to protect these resources, it is common practice to prevent certain application types from accessing such protected resources.
One of the most common avenues of attack is through a web browser. By exposing the local computer to the internet, a user takes a risk that any web server they communicate with may attempt to gain access to private system resources. Because of the inherent vulnerability of software that interfaces with remote computers, it is common practice to screen browser applications from interacting directly with these resources. Various frameworks such as browser add-on modules (“plug-in”s), and application programming interfaces (“API”s), are provided in the event the browser needs to access such resources without compromising system security. Generally, the application developer must know the specific framework required for each type of browser and resource.
While browser plug-ins to support a web based application provide one possible technique for accessing the protected resources, they are not an optimal solution because they must be individually tailored to each browser. Operating systems also may provide API frameworks for accessing these resources, but, as with plug-ins, the application must be tailored to a specific operating system. Additionally, a developer must ensure the plug-in and API implementation are updated so that the release of a new version of the browser or operating system does not disrupt access to the web application.
As web applications (e.g., designed to be run within a browser) become more and more popular, the software developer must spend an increasing amount of time ensuring application compatibility. This results in substantial additional development and maintenance time if the developer wishes to reach the largest possible user base.
Therefore, there exists a need in the art for a method and apparatus that enables a user to access protected system resources that is not dependent upon a particular browser configuration or API framework installation.