- From: Diego Perini <diego.perini@gmail.com>
- Date: Sun, 2 Jan 2011 21:51:15 +0100
On Wed, Dec 29, 2010 at 9:53 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote: > On 12/29/10 6:48 AM, Diego Perini wrote: >> >> Hmmm... >> >> I can currently read incoming RS232 and USB data in my OS X using >> Firefox 3.6.13 and the "file:" protocol: >> >> ? ?file:///dev/tty.BT-GPS010B62-SerialPort >> >> do I have an insecure system ? An insecure browser ? > > And _this_ sort of thing is why Firefox and other browsers don't ever allow > an http:// page to link to a file:// URL, read data from a file:// URL, or > otherwise interact with a file:// URL. > Boris, don't get confused by the questions in my message above, I really don' feel insecure for that existing option in Firefox. It was a tentative answer to so many security concerns and I wanted to tell that what they were after is almost already available in Firefox/UNIX. I feel it is a great and unique feature of Firefox, no other browser (that I am aware of) implement that level of OS integration (that maybe only for UNIX systems though). Of course this require file security privileges (security.fileuri.strict_origin_policy = true) but having to open about:config or having to consent through a button is not a problem for what I need it and probably what in general is needed. I believe the process Seth described in his message would be more than enough for the security problems this poses (relying on user consent is what plug-ins also do). -- Diego > -Boris >
Received on Sunday, 2 January 2011 12:51:15 UTC