- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 28 Jul 2008 10:45:35 -0700
- To: Arthur Barstow <art.barstow@nokia.com>
- Cc: ext Sam Weinig <weinig@apple.com>, Web Applications Working Group WG <public-webapps@w3.org>
Arthur Barstow wrote:
>
> Hi Sam,
>
> This seems like a reasonable extension to me.
>
> A colleague asks "Are there any new security concerns by putting this
> inside XHR, or is the assumption that we are not exposing anything new?"
>
> What are your thoughts on that question? I presume "not exposing
> anything new" given this type of functionality is already provided (e.g.
> form submission as mentioned below).

Yes, I believe that when we implemented a similar feature in Mozilla (different API though) we came to the conclusion that it didn't expose anything significantly new. There were a few differences though:

If the File object can be stored in an offline cache, this means that somebody could today be theoretically protected while inside a corporate firewall, as long as they always restart the browser before leaving that firewall. I.e. even if you were somehow tricked into choosing to upload a file, a corporate firewall could protect that data from ever reaching the server. However, if the File object can be stored in an offline cache, such as localStore, then restarting the browser will not prevent this.

The same holds true if a File object can be used to directly read data out from the file.

So while File upload through XHR on its own does not seem to cause any security issues, there are some theoretical attacks where it can be used in combination with other things. However, at Mozilla we did not consider these new attacks likely enough that it prevented us from implementing the feature.

The main line of defense is the browser UI that lets you choose a file to upload. If that doesn't protect the user well enough, the user is in the vast majority of cases compromised anyway.

/ Jonas

Received on Monday, 28 July 2008 17:47:15 UTC