I have no idea who was the author of dumb idea to display document’s content in a browser – I always thought that if you unable to open file in specialized application this means you are not intended to see that file. Today I noticed on LinkedIn an advertisement of another one square wheel and realised that the advertisement of ARender is really obsessive, some examples:
- Meet me in milan @Springboard tomorrow ARender discussion
- ARender soon in Las Vegas EMC WORLD
- ARender for Documentum
- PAS alternative : ARender for Documentum
- xCP2 viewer integration ARender
- who is interested by ARender at emc world?
- URGENT HELP I need you
But being a curious person I decided to give ARender a chance and “tried” it, the result, as expected, was mediocre – 10Mb of network traffic for a small pdf file, interesting, how it can be fast (quote: “Extremely fast startup time, no application download required at client side.”) if it sends a bunch of http requests on every resize? But, may be a network traffic is not an issue anymore, after all we are in 2015. Ok, let’s explore ARender site.
Do you have any idea why I like /etc/passwd file (I believe passing /dev/zero is also a funny option)? It contains information about users’ home directories, which in turn contain .bash_history files:
PS. I got a response from ARender team:
We have read your blogpost thoroughly regarding the problems you raised on our document viewer, ARender.
First of all, many thanks for sending us the potential weaknesses and bugs you could find in order for us to improve and consolidate our solutions.
Regarding your raised issues about ARender’s bandwidth usage, this originates from our backward compatibility with Internet Explorer 6. As the latter does not handle resizing of pictures very well, we had to request pictures with different sizes for each window size change. Now with ARender 3, and the drop of IE6 compatibility, we will soon be able to use a rezising mechanism, with only some key pictures sizes requested on demand when the quality starts to be altered by the zoom. This will leverage the number of images requested but also the number of http requests.
For the security issue regarding the access to critical system paths, it is possible in ARender to turn off the filesystem access, and in the future, to restrict specific paths once ARender enters production environment. We also recently integrated ARender in docker, that we will try to promote and push as standard usage. As ARender is then deployed in a minimalistic environement, there will be no services exposure either than ARender itself and no access to the real host filesystem.