On Sun, 9 Jan 2011 21:10:58 +0000, Bjartur Thorlacius wrote:
> On 1/9/11, Glenn Maynard wrote:
> > File access control is currently, very clearly and very deliberately,
> > handled by the browser: web pages can only access files the user gives
> > to the page by selecting them in form input boxes. What you're
> > actually saying is that this should be removed, web pages should be
> > able to access any local file that the OS user account the script is
> > running as has access to, and that users should control what files
> > they want web pages to access by modifying the operating system's
> > ACL's to grant and revoke access to web pages.
> Precisely. Any hurdles I've foreseen with that method so far are OS'
> faults.
This is way too pragmatic and useless. That is a security breach of the
current desktop apps.
My GTD app should never ever read my invoicing documents. A web app
should never have access to all my stuff. That's why I said kernel ACLs
should never be confused with this.
The kind of ACL we're talking about is just like geolocation, js execution,
cookies, ... a page accesses X device because a user says yes to a warning
dialog and chooses X device. Nothing more.
Please stop CC'ing to me, I'm on the list.