[whatwg] Device Element from dresende@thinkdigital.pt on 2011-01-10 (public-whatwg-archive@w3.org from January 2011)

From: <dresende@thinkdigital.pt>
Date: Mon, 10 Jan 2011 16:01:43 +0100
Message-ID: <dd457e33ff0ca63557a52e9c532bcdc6@thinkdigital.pt>

 On Sun, 9 Jan 2011 21:10:58 +0000, Bjartur Thorlacius wrote:
> On 1/9/11, Glenn Maynard <glenn at zewt.org> wrote:
>> File access control is currently, very clearly and very 
>> deliberately,
>> handled by the browser: web pages can only access files the user 
>> gives
>> to the page by selecting them in form input boxes.  What you're
>> actually saying is that this should be removed, web pages should be
>> able to access any local file that the OS user account the script is
>> running as has access to, and that users should control what files
>> they want web pages to access by modifying the operating system's
>> ACL's to grant and revoke access to web pages.

> Precisely. Any hurdles I've foreseen with that method so far are OS' 
> faults.

 This is way too pragmatic and useless. That is a security breach of the 
 current desktop apps.
 My GTD app should never ever read my invoicing documents. A web app 
 should never have access
 to all my stuff. That's why I said kernel ACLs should never be confused 
 with this.

 The kind of ACL we're talking is just like geolocation, js execution, 
 cookies, ... a page
 access X device because a user say yes to a warning dialog and choose X 
 device. Nothing more.

 Please stop CC'ing to me, I'm on the list.

Received on Monday, 10 January 2011 07:01:43 UTC