[Apologies for the delay in replying.]
Nigel McFarlane wrote:
Not exactly. The point of trust is on reload, not on save. The MOTW is
merely metadata about the file's origin. I might configure my Firefox,
for example, to not alert for all content saved from www.mybank.com.
That's a matter of
With MOTW in place, Mozilla and Firefox trusts Word documents
more than it trusts web documents, passing them through the
file-save cycle without modification. That is silly.
Not exactly. The point of trust is on reload, not on save. The MOTW is
merely metadata about the file's origin. I might
What I didn't say was this: This is a really
hard problem.
That's why (in my view) some time and effort
should be spent on the problem rather than
just doing what seems like a good idea.
For those seeking a real solution, as opposed
to a best efforts, which is the only practical
way forward,
Can you remind me of the use case here? Who wants to load HTML pages
from local disk and have JavaScript in that HTML have local disk access?
That specific case isn't a requirement. The use case I'm
defending is this one:
Developer creates a web page on local disk and is able to
load that file
There are two worlds, the web and the disk. The
assumption is that the web is untrusted and the
disk is trusted **.
Rather, there are two security models with
different goals. Each model provides trust
of the kind its users need.
I said neither is necessarily less trusted than the
other, just
Nigel McFarlane wrote:
Firefox's smooth user experience makes Fx a popular
product for end users. A similarly smooth experience will
help make moz/xulrunner/Fx a popular product for app
developers. Developers, however, use local disk a lot
and that puts them at odds with some security goals. In
Nigel McFarlane wrote:
[long post]
Indeed. My sense of the problem is below. Please
correct where I got it wrong.
There are two worlds, the web and the disk. The
assumption is that the web is untrusted and the
disk is trusted **.
Anything that is stored on the disk is thought to
be secure,
[long post]
I've been trying to progress bug 273419 (disclosure
of local files) and bug 230606 (same origin for local files).
Some notes.
Where I'm coming from:
Firefox's smooth user experience makes Fx a popular
product for end users. A similarly smooth experience will
help make moz/xulrunner/Fx