Re: [Widgets] URI Scheme revisited.... again

On Fri, Oct 10, 2008 at 8:35 PM, Mark Baker <distobj@acm.org> wrote:
> On Fri, Oct 10, 2008 at 3:29 PM, Marcos Caceres
> <marcosscaceres@gmail.com> wrote:
>> Ok. I will add "Any hierarchical URI scheme" as the proposed solution
>> into the spec.
>>
>> I will say that, personally, I feel it is irresponsible for the
>> WebApps WG to not recommend a complete and a secure solution for this
>> issue. I also fear that not mandating a URI scheme will lead to
>> interoperability issues (especially going forward into V2, where we
>> might want to support things like queries and fragments, which
>> something like file: does not support).
>
> Well, the questions I asked of you were intended to discover whether
> or not interoperability was impacted by not specifying a URI scheme.
> Is there some aspect of this I didn't consider?  Can you give me an
> example of an interoperability (or security, as you say) problem
> that's created by not specifying a URI scheme?

Ok, in one of my previous emails I said that this was a potential
privacy/security issue:

"The reason we don't
want to allow vendors to mint their own is that there are potential
security and privacy issues related to URI schemes such as file:. For
instance, because Dashboard uses "file:" it is very easy for me to
work out what the username and home directory of a user on Mac OS X are
by simply picking up any DOM node that contains a dereferenced URI (e.g.
by examining an img's src, I get something like
"file:///Users/marcos/Library/widget/Default.png")."

I'm no security/privacy expert, but this seems like an easy way to at
least get someone's username (from which I may be able to derive who
they are, etc.). Also, if the implementation is crap and does not
restrict file:// to the scope of the widget package (thankfully Apple
does), then widgets could basically read any files on the hard drive.

-- 
Marcos Caceres
http://datadriven.com.au

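The two points Marcos makes above, as an added example that is not code from the thread, the Widgets spec or any widget engine: `leaked_username()` shows what widget script can read back from a `file:` URI the engine has dereferenced into the DOM (the constructed sample is in the shape of the `img` src he quotes), and `WidgetPackage` shows the alternative he argues for, a hierarchical scheme that resolves only inside the package. The `widget://<id>/<path>` scheme, the package root directory and the `/Users` and `/home` home-directory prefixes are assumptions made for this example, not anything the spec or the thread defines.

```python
"""Added example: username leakage from dereferenced file: URIs, and a
package-confined resolver for a hypothetical opaque widget: scheme."""
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed sample in the shape of the img src quoted in the message.
SAMPLE_FILE_URI = "file:///Users/marcos/Library/widget/Default.png"

# Home-directory prefixes assumed for this example (Mac OS X and Linux).
HOME_PREFIXES = ("Users", "home")


def leaked_username(uri):
    """Return the account name a file: URI exposes to script, or None.

    Any non-file: scheme returns None: an opaque scheme carries no host
    filesystem path, so there is nothing to recover."""
    parts = urlsplit(uri)
    if parts.scheme != "file":
        return None
    segments = [s for s in unquote(parts.path).split("/") if s]
    if len(segments) >= 2 and segments[0] in HOME_PREFIXES:
        return segments[1]
    return None


class WidgetPackage:
    """Resolve widget://<widget_id>/<path> to a file under one package root.

    Hypothetical scheme and layout (assumption, not from the spec): the
    host root directory is engine-internal and never handed to widget
    content, which only ever sees widget: URIs."""

    SCHEME = "widget"

    def __init__(self, widget_id, root):
        self.widget_id = widget_id
        self.root = posixpath.normpath(root)

    def host_path(self, uri):
        """Map a widget: URI to its host path, or raise ValueError."""
        parts = urlsplit(uri)
        if parts.scheme != self.SCHEME or parts.netloc != self.widget_id:
            raise ValueError("not a resource of widget %r: %s"
                             % (self.widget_id, uri))
        # A hierarchical scheme parses query and fragment cleanly; they
        # are simply not part of the file lookup.
        path = unquote(parts.path)
        # Reject traversal before normalizing so attempts stay visible
        # (and loggable) instead of being silently collapsed.
        if ".." in path.split("/"):
            raise ValueError("path escapes the package: %s" % uri)
        relative = posixpath.normpath("/" + path.lstrip("/")).lstrip("/")
        if not relative:
            raise ValueError("no resource named in: %s" % uri)
        target = posixpath.join(self.root, relative)
        # Defence in depth: the resolved path must still sit under root.
        if posixpath.commonpath([self.root, target]) != self.root:
            raise ValueError("path escapes the package: %s" % uri)
        return target

    def accepts(self, uri):
        """True if uri resolves to a file inside this package."""
        try:
            self.host_path(uri)
            return True
        except ValueError:
            return False


if __name__ == "__main__":
    print("file: URI leaks username:", leaked_username(SAMPLE_FILE_URI))
    pkg = WidgetPackage("abc", "/opt/widgets/abc")  # assumed layout
    print(pkg.host_path("widget://abc/images/Default.png?v=2#top"))
    print("traversal accepted?", pkg.accepts("widget://abc/%2e%2e/outside.txt"))
```

The resolver keeps the host path on the engine side: what reaches an `img` src is always the `widget:` URI, so the DOM check in `leaked_username()` has nothing to find, and the `..` rejection plus the `commonpath` check are what "restrict to the scope of the widget package" looks like in code.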
Received on Friday, 10 October 2008 20:00:42 UTC