[whatwg] Device Element
dresende at thinkdigital.pt
dresende at thinkdigital.pt
Mon Jan 10 07:01:43 PST 2011
On Sun, 9 Jan 2011 21:10:58 +0000, Bjartur Thorlacius wrote:
> On 1/9/11, Glenn Maynard <glenn at zewt.org> wrote:
>> File access control is currently, very clearly and very
>> deliberately,
>> handled by the browser: web pages can only access files the user
>> gives
>> to the page by selecting them in form input boxes. What you're
>> actually saying is that this should be removed, web pages should be
>> able to access any local file that the OS user account the script is
>> running as has access to, and that users should control what files
>> they want web pages to access by modifying the operating system's
>> ACL's to grant and revoke access to web pages.
> Precisely. Any hurdles I've foreseen with that method so far are OS'
> faults.
This is way too pragmatic and useless. That is a security breach of the
current desktop apps.
My GTD app should never ever read my invoicing documents. A web app
should never have access
to all my stuff. That's why I said kernel ACLs should never be confused
with this.
The kind of ACL we're talking is just like geolocation, js execution,
cookies, ... a page
access X device because a user say yes to a warning dialog and choose X
device. Nothing more.
Please stop CC'ing to me, I'm on the list.
More information about the whatwg
mailing list