Re: [FileSystem]: URI format, uses from Glenn Maynard on 2011-01-23 (public-webapps@w3.org from January to March 2011)

From: Glenn Maynard <glenn@zewt.org>
Date: Sun, 23 Jan 2011 18:13:16 -0500
To: Charles McCathieNevile <chaals@opera.com>
Cc: Robin Berjon <robin@berjon.com>, Web Applications Working Group WG <public-webapps@w3.org>
Message-ID: <AANLkTi=-ZPbW3DZ6WMpvZSW3vTP0EsHE57DfPrcZ1wQJ@mail.gmail.com>

On Sun, Jan 23, 2011 at 5:50 PM, Charles McCathieNevile <chaals@opera.com>
wrote:
> Not in my experience. People put them somewhere on facebook.com or
skype.com
> or something, which makes them accessible through a very small number of
> single webpages. And often without loggin in, those are not actually
> available to anyone.
>
> So as a user, it seems functionally the same except the particular hoops
for
> putting things online which are different in every single case.

But that's the point: when you put pictures (or tax forms, or other private
files) on a webserver, you have mechanisms for access control.  You wouldn't
put private files on a publically-accessible webserver; you put them on a
password-protected one.

If cross-origin access is allowed for filesystem URLs, that's akin to
putting them on a webserver with no access control.  Maybe access control
mechanisms should exist for it (personally I think that only makes sense for
createObjectURL, not filesystem URIs); but as long as they don't, filesystem
URLs should be private to the origin.

-- 
Glenn Maynard

Received on Sunday, 23 January 2011 23:13:49 UTC