- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Mon, 3 Jan 2011 17:38:54 -0500
On Mon, Jan 3, 2011 at 4:45 PM, Diego Perini <diego.perini at gmail.com> wrote:
> So next question is why allow Adobe Flash and plug-ins in general to
> do that wildly and not allow others to have the same capability and be
> so paranoid about security when that is already broken by other means
> at higher levels ?

If something is available in HTML, any website can run it. Websites can't just install plugins. The only way for them to install plugins is by getting the user to run an executable, which browsers put lots of scary "be careful" signs around just like for any other downloaded executable. If the website can get the user to install a plugin, it can get them to run any program, so there's no security at all from that point forward.

Yes, HTML features can require user confirmation, like geolocation usually does. But the kind of mild confirmation needed for geolocation is not suitable for allowing arbitrary file read/write access. The latter would require much scarier-looking permission, in fact about as much as installing a program, since it would be trivial to escalate to arbitrary code execution. We don't want to encourage websites to pop up warnings like that all the time, because 1) many users won't give permission, which makes the feature much less useful to authors; and 2) it desensitizes users so they click yes all the time.

So this is really apples and oranges. Part of the point of the web is it's relatively safe. You can't compare web platform features to arbitrary code like plugins. This sort of feature will probably come in time, driven by Chrome OS if nothing else, but it will have to be thought out carefully to balance security against usability.

Received on Monday, 3 January 2011 14:38:54 UTC