W3C home > Mailing lists > Public > public-device-apis@w3.org > November 2009

Re: Security evaluation of an example DAP policy

From: Robin Berjon <robin@berjon.com>
Date: Fri, 20 Nov 2009 17:38:53 +0100
Cc: public-device-apis@w3.org, public-webapps WG <public-webapps@w3.org>
Message-Id: <8137F330-9CA3-4597-A8DD-4B493B987488@berjon.com>
To: Maciej Stachowiak <mjs@apple.com>
On Nov 20, 2009, at 01:26 , Maciej Stachowiak wrote:
>> For what it's worth, I think any API that opened a dialog asking the
>> user "Do you want to give website X access to directory Y in your file
>> system" would not be an API we'd be willing to implement in firefox.
>> I.e. our security policy would be to always deny such a request (thus
>> making implementing the API useless for our users).
> 
> Ditto for Safari.

That's good, because it's not part of the plan to do such a thing. The writer level for the File API, which I'm tasked to draft up, certainly doesn't plan any such thing.

There is interest in a Directory level, but it's lower. And I would expect it to only be available to widgets, or /perhaps/ to some sort of virtual local file system accessed through a localFS object  la localStorage (with quotas, security considerations that UAs shouldn't implement that by actually storing files on the FS as that could open up a bunch of issues, etc.).

-- 
Robin Berjon - http://berjon.com/
Received on Friday, 20 November 2009 16:39:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:01 GMT