Re: [FileSystem]: URI format, uses

On Sun, Jan 23, 2011 at 5:50 PM, Charles McCathieNevile <chaals@opera.com>
wrote:
> Not in my experience. People put them somewhere on facebook.com or
skype.com
> or something, which makes them accessible through a very small number of
> single webpages. And often without loggin in, those are not actually
> available to anyone.
>
> So as a user, it seems functionally the same except the particular hoops
for
> putting things online which are different in every single case.

But that's the point: when you put pictures (or tax forms, or other private
files) on a webserver, you have mechanisms for access control.  You wouldn't
put private files on a publically-accessible webserver; you put them on a
password-protected one.

If cross-origin access is allowed for filesystem URLs, that's akin to
putting them on a webserver with no access control.  Maybe access control
mechanisms should exist for it (personally I think that only makes sense for
createObjectURL, not filesystem URIs); but as long as they don't, filesystem
URLs should be private to the origin.

-- 
Glenn Maynard

Received on Sunday, 23 January 2011 23:13:49 UTC