Re: ISSUE-11: Gathering requirements [FileSystem API]

Security is a tricky beast to address but I feel it is worth exploring
if we want the web to be a first class development platform.

Certainly the current analogue would be the sqlite storage which has
no security restrictions but choosing to not solve access control and
security isn't solving anything at all. And saying a language is
inherently insecure could be applied to *any* software language or

The iPhone SDK gives us the follow abstractions:


Sorta nice wrappers around the lower level permissions. A file can
only be read/write to a memory space dedicated to the that
application. Android allows for anything in in a similar data
directory (which is separate from the app directory/package).

Perhaps something similar could be proposed?

On Tue, Oct 6, 2009 at 9:39 AM,  <> wrote:
> On Oct 6, 2009, at 16:52 , wrote:
>> Mostly it puts the end-user at the mercy of the developer's
>> competency in keeping their credentials secure and I don't
>> trust all JS developers (most of them like you guys of course ;-D).
> (*I trust* most of them, like you guys, of course ;-D)
> I just wanted to clarify that line as it came over badly on re-reading!
> :-O
> Rich

Received on Tuesday, 6 October 2009 18:07:04 UTC