> The basic concern I have is with the notion of "browsers" as the only
> Web context and use-case that matters. The browser-based model for API
> integration view (as I understand your position) is that the user must
> be actively involved in every significant action, and choose explicitly
> the actions that enable integration with browser-external resources
> (including local and remote). Step back and you will see the
> inconsistency in that (what would Ajax be if the user had to approve
> every HTTP API request via an <input> element?).

The similarity between AJAX and the use-cases we're discussing is
thin.  XHR is the page communicating back with its origin server, and
is security-wise in roughly the same category as a script adding an
<img> to a page (the <img> sends a script-crafted request back to the
server and receives data back).

Interacting directly with the user's file system is a substantially
more security-conscious action.  Involving the user in the action, at
least minimally, appears to be a common-sense good idea to mitigate
the possibility of attacks.

The decisions in this arena have been highly informed by security
considerations specific to the particular cases being discussed.


