W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: Transferring File* to WebApps - redux

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Tue, 15 Jun 2010 14:42:31 -0700
Message-ID: <AANLkTinjV33zm5qUqvA9AsF2di6o78yeqWl0sT_F7YbF@mail.gmail.com>
To: "SULLIVAN, BRYAN L (ATTCINW)" <BS3131@att.com>
Cc: arun@mozilla.com, Robin Berjon <robin@berjon.com>, public-device-apis@w3.org, Ian Fette <ifette@google.com>, Web Applications Working Group WG <public-webapps@w3.org>
On Tue, Jun 15, 2010 at 2:24 PM, SULLIVAN, BRYAN L (ATTCINW)
<BS3131@att.com> wrote:
> Arun,
> The basic concern I have is with the notion of "browsers" as the only
> Web context and use-case that matters. The browser-based model for API
> integration view (as I understand your position) is that the user must
> be actively involved in every significant action, and choose explicitly
> the actions that enable integration with browser-external resources
> (including local and remote). Step back and you will see the
> inconsistency in that (what would Ajax be if the user had to approved
> every HTTP API request via an <input> element?).

The similarity between AJAX and the use-cases we're discussing is
thin.  XHR is the page communicating back with its origin server, and
is security-wise in roughly the same category as a script adding an
<img> to a page (the <img> sends a script-crafted request back to the
server and receives data back).

Interacting directly with the user's file system is a substantially
more security-conscious action.  Involving the user in the action, at
least minimalloy, appears to be a common-sense good idea to mitigate
the possibility of attacks.

The decisions in this arena have been highly informed by security
considerations specific to the particular cases being discussed.

Received on Tuesday, 15 June 2010 21:43:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:55:34 UTC