W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2011

[whatwg] Drag-and-drop folders/files support with directory structure using DirectoryEntry

From: Glenn Maynard <glenn@zewt.org>
Date: Tue, 15 Nov 2011 21:42:50 -0500
Message-ID: <CABirCh_EP3sBAGZEDAhc1NJGr-r_x-gODJfMapdUL-OCRcOx1g@mail.gmail.com>
On Tue, Nov 15, 2011 at 9:37 PM, Zac Spitzer <zac.spitzer at gmail.com> wrote:

> any thoughts about minimising the security implications on this?
>
> it makes it extremely easy to jump on a machine, open a browser page,
> select a sensitive folder and upload it all to a remote server
>

It's meaningless to try to secure against a hostile local user at this
level.  The attempt will be a cost to everyone, and it's a battle you're
going to lose.

-- 
Glenn Maynard
Received on Tuesday, 15 November 2011 18:42:50 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:09 UTC