W3C home > Mailing lists > Public > public-device-apis@w3.org > December 2009

Re: First stab at File Writer

From: Robin Berjon <robin@robineko.com>
Date: Mon, 7 Dec 2009 17:01:16 +0100
Cc: "richard.tibbett@orange-ftgroup.com" <richard.tibbett@orange-ftgroup.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
Message-Id: <0D20C67C-2B03-4C74-BC4D-ADE09563921E@robineko.com>
To: "Tran, Dzung D" <dzung.d.tran@intel.com>
On Dec 5, 2009, at 05:14 , Tran, Dzung D wrote:
> I like the concept of a sandbox here. The current API seems to open up some security concerns. I think these issues were brought up in other post. It seems like you can easily overwrite your system files and now you have a brick. 

The idea is that within a browser we stick to the download process that users already know, and don't introduce any issue that doesn't already exist with downloads. A user can download a file and chose to override a system file. Well tough :) The idea is to not open up new security issues  for that we don't need a sandbox.

> Also the size of the file, there is a mention of quotas in the Security Considerations section, but it left to the UA to determine. Is there a possibility of a rogue web appl that would fill up your disk?

Yes there is. That's why one expects sane UAs to monitor the file's size.

Robin Berjon
  robineko  hired gun, higher standards
Received on Monday, 7 December 2009 16:01:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:45:56 UTC