No, the book doesn't discuss that at all because I'm not sure what the use case would be. Well, I take that back, I can think of some situations... a sovereign webapp run in a library for example, you might want to have the concept of users that maybe stores settings in Gears or something like that.
That being said, I think that's maybe a bit of an unusual use case... I think typically you tend to assume that a sovereign webapp is run by one user, since it's on their machine. Think of it like MS Word or something... you don't have to log in to use it, even though you may have some user-specific settings (initials for example).
Then again, a counter-example would be Firefox, where you have profiles. But even in that case there's nothing like authentication or logging in, there's simply switching profiles.
I haven't done much thinking about this I'll admit, so I'm just kind of throwing out some ideas here. But the answer to your question in any case is no, this isn't discussed in the book at all and I don't at present have any preferred method to do this.
Thanks Frank. It is a rather interesting case, which is why I bring it up. It is one of those things I'd like to see presented, and see how someone else addresses the issue.
In any event, I look forward to taking a look at your book.
Yeah, I'm with you, it's something I'd like to hear about too. I suspect there's probably only a limited set of cases where it would come into play, but they are interesting cases and worth discussing.
I suppose the way you could tackle it is that every time a user "registers", the app creates a separate Gears database for them, with the password stored in it in an encrypted form. This is in no way, shape or form 100% secure, but it's probably good enough for many situations. That way, the data is segregated and should, to a first approximation, be somewhat safe from others. Of course, you can just hack the SQLite database files, but like I said, to a first approximation that might be an acceptable risk.
I think I remember seeing Dojo including some encryption support on top of Gears, but I'm not sure of the status of that, how robust it is, or how far along it is. That could be another good, helpful piece of the puzzle.
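One way to build the per-user store described in the post above, as an added example that is not code from the thread or the book. It assumes Node's built-in crypto module instead of Gears or Dojo, uses a Map as a stand-in for one local database per user, and all function names are hypothetical. The password is never stored: only a salted scrypt verifier is kept, and settings are encrypted with a key derived from the same password, so reading the database file directly yields ciphertext.

```javascript
// Added example. A Map stands in for "one Gears/SQLite database per user" (assumption).
const nodeCrypto = require('node:crypto');

const stores = new Map(); // hypothetical: username -> that user's local "database"

// One scrypt call yields 64 bytes: the first half checks the password,
// the second half is the AES key for that user's data.
function deriveKeys(password, salt) {
  const out = nodeCrypto.scryptSync(password, salt, 64);
  return { verifier: out.subarray(0, 32), dataKey: out.subarray(32) };
}

function register(user, password) {
  if (stores.has(user)) throw new Error('user exists');
  const salt = nodeCrypto.randomBytes(16);
  const { verifier } = deriveKeys(password, salt);
  // Only salt and verifier are persisted, never the password or the data key.
  stores.set(user, { salt, verifier, rows: new Map() });
}

// Returns the data key on success, null for an unknown user or wrong password.
function login(user, password) {
  const db = stores.get(user);
  if (!db) return null;
  const { verifier, dataKey } = deriveKeys(password, db.salt);
  return nodeCrypto.timingSafeEqual(verifier, db.verifier) ? dataKey : null;
}

function putSetting(user, dataKey, name, value) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every write
  const c = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ct = Buffer.concat([c.update(value, 'utf8'), c.final()]);
  stores.get(user).rows.set(name, { iv, ct, tag: c.getAuthTag() });
}

function getSetting(user, dataKey, name) {
  const { iv, ct, tag } = stores.get(user).rows.get(name);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, iv);
  d.setAuthTag(tag);
  // final() throws if the stored row was edited or the key is wrong.
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}
```

Someone holding a copy of the store can still guess passwords offline against the verifier. scrypt only makes each guess expensive, which matches the "not 100% secure" caveat in the post.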