Comments on: Browser, mount that folder, thank You!

By: Maciej Stachowiak

Maciej Stachowiak — Sun, 11 May 2008 23:28:50 +0000

The API as proposed seems ok for things like Widgets, but totally unsafe for content served over the Web. We would certainly not implement it in Safari for Web content as currently proposed.

By: Arve Bersvendsen

Arve Bersvendsen — Fri, 09 May 2008 19:54:57 +0000

Hi, I wrote the initial version of that input, and I’d like to give a few insights in to where it is being used, and some of the constraints given

First, the security constraints that are currently in the proposal are meant for use in applications you have already chosen to install on a system (e.g. widgets), “Web applications” the current proposal is explicitly _not_ about your average application served directly over HTTP(S).

Secondly, it’s worth noting that the API, as is now, does little you can’t do with equivalent APIs in Firefox extensions, Dashboard widgets or Windows Vista sidebar gadgets, except adding sandboxing and required two-step user interaction before allowing access.

So, your corrected headline should read “Locally installed Application installed from a trusted repository, query the user for access to a folder of the user’s choice”

By: Ix

Ix — Fri, 09 May 2008 15:14:12 +0000

I think on the first page they sum it up best. “There are several known issues in this specification” though they go on to mention issues not at all related to malicious people abusing it.

By: pdp

pdp — Fri, 09 May 2008 14:13:57 +0000

I think that any work on this API should be terminated. It is not cool :) I can easily see how it will be abused.

By: Ashley Smith

Ashley Smith — Fri, 09 May 2008 03:22:05 +0000

I think this API really has to be integrated into an OS itself. e.g a default designated directory which can’t make remote api calls to other parts of the system.

I don’t think the web browser is ready for this yet. Even though I think this would make offline email a dream.