On May 8, 2008, at 1:18 AM, Arve Bersvendsen wrote:
On Wed, 07 May 2008 20:57:25 +0100, Maciej Stachowiak
<[EMAIL PROTECTED]> wrote:
They both said that this proposal was only meant for things like
widgets, and agreed with my assessment that it would be a giant
security hole if exposed to web content.
Without commenting further: Yes, in its current incarnation it
raises security concerns, but what I meant to say was more "Our
primary use case, and concerns that we have put into the initial
proposal are centered around locally installed web applications, aka
widgets".
I would not exclude making a subset of the proposal available to web
applications though. Note that the current proposal speaks of
FileStreams -- ideally, these should be generic IOStreams, and
should apply to other protocols than "mountpoint" or "file". Think
scratch areas, webdav/svn integration, file upload with folder watch
(but the method of doing so would have to be well-defined and more
secure). The initial proposal is not meant to cover this, but a
properly worked out, future revision could cover both.
I would be happy to review a proposal that is intended for Web
content, once one is available.
Regards,
Maciej
