Re: Transferring File* to WebApps - redux

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Tue, 15 Jun 2010 14:42:31 -0700
Message-ID: <AANLkTinjV33zm5qUqvA9AsF2di6o78yeqWl0sT_F7YbF@mail.gmail.com>
To: "SULLIVAN, BRYAN L (ATTCINW)" <BS3131@att.com>
Cc: arun@mozilla.com, Robin Berjon <robin@berjon.com>, public-device-apis@w3.org, Ian Fette <ifette@google.com>, Web Applications Working Group WG <public-webapps@w3.org>

On Tue, Jun 15, 2010 at 2:24 PM, SULLIVAN, BRYAN L (ATTCINW)
<BS3131@att.com> wrote:
> Arun,
>
> The basic concern I have is with the notion of "browsers" as the only
> Web context and use-case that matters. The browser-based model for API
> integration view (as I understand your position) is that the user must
> be actively involved in every significant action, and choose explicitly
> the actions that enable integration with browser-external resources
> (including local and remote). Step back and you will see the
> inconsistency in that (what would Ajax be if the user had to approve
> every HTTP API request via an <input> element?).

The similarity between AJAX and the use-cases we're discussing is
thin.  XHR is the page communicating back with its origin server, and
is security-wise in roughly the same category as a script adding an
<img> to a page (the <img> sends a script-crafted request back to the
server and receives data back).

Interacting directly with the user's file system is a substantially
more security-conscious action.  Involving the user in the action, at
least minimally, appears to be a common-sense good idea to mitigate
the possibility of attacks.

The decisions in this arena have been highly informed by security
considerations specific to the particular cases being discussed.

~TJ
Received on Tuesday, 15 June 2010 21:43:26 GMT
