On Thu, Nov 19, 2009 at 2:49 AM, David Rogers <david.rog...@omtp.org> wrote:
> -----Original Message-----
> From: public-device-apis-requ...@w3.org
> [mailto:public-device-apis-requ...@w3.org] On Behalf Of Adam Barth
> Sent: 19 November 2009 07:42
> To: Marcin Hanclik
> Cc: Maciej Stachowiak; Dominique Hazael-Massieux; Robin Berjon;
> public-device-a...@w3.org; public-webapps WG
> Subject: Re: DAP and security (was: Rename "File API" to "FileReader API"?)
>
> I'm skeptical that this approach will lead to a secure API for file access. Abstracting the problem doesn't make the security challenges any easier. The reason the HTML file upload control has been such a successful secure API for reading files is because the security issues are specifically *not* abstracted. The entire API is designed around the security considerations and eliciting user consent in an easy-to-understand way.
>
> I suspect we'll need a similarly clever API design to address the security challenges of letting web content write to the user's file system.
>
> [DAVID] I would hope that we can come up with some clever API design in terms of safe logic. However, this does not solve the whole problem; at some point you need to make a decision / judgement call.

Really? What decision / judgement call do we need to make for the file upload control? What decision / judgement call do we need to make for the video tag?

> What the policy advocates are proposing is to advance the whole discipline here - let's improve this by adding strength in depth and allow the user to defer their decision to someone who they trust, who is willing to take the decision for them.

You're not listening to the folks on this thread who are telling you that this model has been tried and failed. At best this is a science experiment. Writing web standards is a terrible way to run a science project.

Adam