On Tuesday, November 03, 2009 10:07 AM, Arun Ranganathan wrote:
> Adrian Bateman wrote:
> > On Monday, November 02, 2009 10:12 PM, Jonas Sicking wrote:
> >> Are you concerned about security bugs in the feature design or in
> >> the implementation?
> >
> > Mostly in the implementation - it increases the surface area to be
> > concerned about and there might be a different approach.
>
> This feedback as a potential implementor is important :-)
>
> 1. Can you give us an example of an exploit, or expand on your
> concerns?

If you look through the bugs reported (and fixed) in the Firefox jar:
scheme handler, many of them revolve around mishandling origin. The file
URN is obviously simpler and also currently refers to a file that the
user had to select. However, in future this might be used as part of a
larger API that allows certain web sites to access certain files/folders.
A vulnerability might involve leaking the URN from one origin to another,
allowing a site to read a file it shouldn't have access to.

> 2. From an implementation perspective, do you care whether we define a
> scheme (such as filedata:) or reuse something like urn:uuid:[UUID] ?
> Are there any barriers with respect to either one?

At first glance, I imagine filedata: would be easier for us to implement,
but I haven't researched this yet - I will ask the question. I wonder
from a spec perspective whether reusing urn:uuid: might cause problems
with this being overloaded for different uses in future.

Cheers,

Adrian.