Re: Rename "File API" to "FileReader API"?

On Wed, Nov 11, 2009 at 12:44 AM, Maciej Stachowiak <mjs@apple.com> wrote:
>
> On Nov 11, 2009, at 12:36 AM, Arve Bersvendsen wrote:
>
>> On Wed, 11 Nov 2009 02:47:50 +0100, Maciej Stachowiak <mjs@apple.com>
>> wrote:
>>
>>> I think file writing (once the script has securely received a file
>>> handle) has different security considerations than directory manipulation
>>> and opening of arbitrary files. File writing should be designed with the
>>> browser security model in mind, because it's something that is reasonable to
>>> expose to Web content, given the right model for getting a writable handle
>>> (private use area or explicitly chosen by the user via "Save As" dialog)
>>
>> Note that both explicit content and private use areas/sandboxes have
>> security implications.
>
> Of course it does. Any new capability we add to the Web platform has
> security implications.
>
> For these particular features, I would like to see them designed such that it is
> reasonable to expose them to public Web content, without the need for trust
> decisions by the user or policy choices by an administrator or network
> operator. I believe that is possible. When it comes to directory
> manipulation, I am not sure such a design is possible, or at least, I have
> not heard a good proposal yet.
>
> Regards,
> Maciej

How would you feel about a web app being able to write to a sandboxed
per-origin filesystem with a small default quota and no prompt?

     Eric

Received on Wednesday, 11 November 2009 23:58:32 UTC