- From: Robin Berjon <robin@robineko.com>
- Date: Mon, 7 Dec 2009 17:01:16 +0100
- To: "Tran, Dzung D" <dzung.d.tran@intel.com>
- Cc: "richard.tibbett@orange-ftgroup.com" <richard.tibbett@orange-ftgroup.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>

On Dec 5, 2009, at 05:14 , Tran, Dzung D wrote:

> I like the concept of a sandbox here. The current API seems to open up some security concerns. I think these issues were brought up in other posts. It seems like you can easily overwrite your system files and now you have a brick.

The idea is that within a browser we stick to the download process that users already know, and don't introduce any issue that doesn't already exist with downloads. A user can download a file and choose to override a system file. Well tough :) The idea is to not open up new security issues — for that we don't need a sandbox.

> Also the size of the file, there is a mention of quotas in the Security Considerations section, but it is left to the UA to determine. Is there a possibility of a rogue web appl that would fill up your disk?

Yes there is. That's why one expects sane UAs to monitor the file's size.

--
Robin Berjon
robineko — hired gun, higher standards
http://robineko.com/

Received on Monday, 7 December 2009 16:01:55 UTC