Re: First stab at File Writer

From: Robin Berjon <robin@robineko.com>
Date: Mon, 7 Dec 2009 17:01:16 +0100
Cc: "richard.tibbett@orange-ftgroup.com" <richard.tibbett@orange-ftgroup.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
Message-Id: <0D20C67C-2B03-4C74-BC4D-ADE09563921E@robineko.com>
To: "Tran, Dzung D" <dzung.d.tran@intel.com>

On Dec 5, 2009, at 05:14 , Tran, Dzung D wrote:
> I like the concept of a sandbox here. The current API seems to open up some security concerns. I think these issues were brought up in other posts. It seems like you can easily overwrite your system files and now you have a brick.

The idea is that within a browser we stick to the download process that users already know, and don't introduce any issue that doesn't already exist with downloads. A user can download a file and choose to override a system file. Well tough :) The idea is to not open up new security issues; for that we don't need a sandbox.

> Also the size of the file, there is a mention of quotas in the Security Considerations section, but it is left to the UA to determine. Is there a possibility of a rogue web app that would fill up your disk?

Yes there is. That's why one expects sane UAs to monitor the file's size.

--
Robin Berjon
  robineko - hired gun, higher standards
  http://robineko.com/
Received on Monday, 7 December 2009 16:01:55 GMT
