Plus, running apps from the web *should* be an infrequent action anyways, so it should be only a minor inconvience.Figuring out an appropriate UI and security model is tough. When sites offered .exe downloads we used to force people to explicitly save them and launch them using the OS. This was to discourage stu^H^H^Hinexperienced people from running any malware they ran across, with a barrier easily overcome by anyone who knew what they were doing.
Later ... we let people launch them directly from the download screen, albeit with a modal "Are you sure" dialog interposed.IMHO, this was one of the worst decisions ever made for Mozilla. Esp. when considering how often people run malware off the web.
Fup-To security.
_______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
