On Tuesday, November 03, 2009 10:07 AM, Arun Ranganathan wrote:
> Adrian Bateman wrote:
> > On Monday, November 02, 2009 10:12 PM, Jonas Sicking wrote:
> >> Are you concerned about security bugs in the feature design or in
> >> the implementation?
> >
> > Mostly in the implementation - it increases the surface area to be
> > concerned about and there might be a different approach.
> 
> This feedback as a potential implementor is important :-)
> 
> 1. Can you give us an example of an exploit, or expand on your
> concerns?

If you look through the bugs reported (and fixed) in the Firefox jar: scheme 
handler many of them revolve around mishandling origin. The file urn is 
obviously simpler and also currently refers to a file that the user had to 
select. However, in future this might be used as part of a larger API that 
allows certain web sites to access certain files/folders. A vulnerability might 
involve leaking the URN from one origin to another allowing a site to read a 
file it shouldn't have access to.

> 2. From an implementation perspective, do you care whether we define a
> scheme (such as filedata:) or reuse something like urn:uuid:[UUID] ?
> Are there any barriers with respect to either one?

At first glance, I imagine filedata: would be easier for us to implement but I 
haven't researched this yet - I will ask the question. I wonder from a spec 
perspective whether reusing urn:uuid: might cause problems with this being 
overloaded for different uses in future.

Cheers,

Adrian.

Reply via email to