On Tue, 18 Aug 2009 18:10:41 -0400, Adam Barth <[email protected]> wrote:
On Tue, Aug 18, 2009 at 2:59 PM, Michael A. Puls
II<[email protected]> wrote:
So, if you access the abarth directory in your browser's address field,
it'll say:
file:///afs/cs.stanford.edu/u/abarth (or
file://localhost/afs/cs.stanford.edu/u/abarth in Opera)
?
Yep.
O.K. Thanks.
If so, then indeed the access has to be further restricted by the
directory
also.
Or, does it say something else?
The point I'm trying to make is that the security model for file URLs
is tricky.
Point definitely taken.
Mozilla does indeed separate by directory in an
interesting way.
Is the exact way documented that you know of?
When interacting with the file system, we should be
careful to consider non-Windows file systems as well.
Point taken.
We haven't even gotten into the fun of the /dev or /proc directories
yet. :)
If you have access to dev and try to load a path to a current device, what
happens in browsers currently?
--
Michael
