[whatwg] Device Element

dresende at thinkdigital.pt dresende at thinkdigital.pt
Mon Jan 10 07:01:43 PST 2011


 On Sun, 9 Jan 2011 21:10:58 +0000, Bjartur Thorlacius wrote:
> On 1/9/11, Glenn Maynard <glenn at zewt.org> wrote:
>> File access control is currently, very clearly and very 
>> deliberately,
>> handled by the browser: web pages can only access files the user 
>> gives
>> to the page by selecting them in form input boxes.  What you're
>> actually saying is that this should be removed, web pages should be
>> able to access any local file that the OS user account the script is
>> running as has access to, and that users should control what files
>> they want web pages to access by modifying the operating system's
>> ACL's to grant and revoke access to web pages.

> Precisely. Any hurdles I've foreseen with that method so far are OS' 
> faults.

 This is way too pragmatic and useless. That is a security breach of the 
 current desktop apps.
 My GTD app should never ever read my invoicing documents. A web app 
 should never have access
 to all my stuff. That's why I said kernel ACLs should never be confused 
 with this.

 The kind of ACL we're talking is just like geolocation, js execution, 
 cookies, ... a page
 access X device because a user say yes to a warning dialog and choose X 
 device. Nothing more.

 Please stop CC'ing to me, I'm on the list.




More information about the whatwg mailing list