[whatwg] Drag-and-drop folders/files support with directory structure using DirectoryEntry
Glenn Maynard
glenn at zewt.org
Tue Nov 15 18:42:50 PST 2011
On Tue, Nov 15, 2011 at 9:37 PM, Zac Spitzer <zac.spitzer at gmail.com> wrote:
> any thoughts about minimising the security implications on this?
>
> it makes it extremely easy to jump on a machine, open a browser page,
> select a sensitive folder and upload it all to a remote server
>
It's meaningless to try to secure against a hostile local user at this
level. The attempt will be a cost to everyone, and it's a battle you're
going to lose.
--
Glenn Maynard
More information about the whatwg
mailing list