On Tue, 13 Oct 2004, Tim Churches wrote: > On Wed, 2004-10-13 at 06:12, Andrew Ho wrote: ... > > Karsten, > > What about USB-accessible cards? Most operating systems have built-in > > support to read from these. > > Yes, but Karsten's excellent point is that in order to use such > resources, you need to give the browser-based application (as opposed to > the browser itself) a degree of autonomous access to your local > filesystem.
Tim, Why is it necessary for the browser to have autonomous access to any local file system? It may be sufficient for the end-user to be prompted for permission to upload an authentication token from the USB device to the web-server. ... > AFAIK, browsers do not provide the ability to allow certain privileges > As far as I know, browsers are not permitted to read or write anything from the local file system except for the cookies files. Even this privilege can be revoked by changing the browser configuration. ... > In other words, Web browsers are promiscuous. Everything is relative: Web browsers (when running Mozilla on Windows OS, for example) are not as "promiscuous" as desktop applications (running on the same Windows OS). On the other hand, maybe Microsoft Internet Explorer is special: http://groups.google.com/groups?hl=en&lr=&selm=9lqunr%24ea41%40secnews.netscape.com Best regards, Andrew --- Andrew P. Ho, M.D. OIO: Open Infrastructure for Outcomes www.TxOutcome.Org
