The permissions system seems to be granular with respect to whatever was selected - if you select a directory you have full access to everything in it. Theoretically the permission system requires explicit approval, but if you see the security system with the user I think it presents more risk to users than before.
Previously if you wanted filesystem control you had to trick a user into downloading something. With this API, it seems like it would be easier to con unsuspecting users into granting permissions they aren't aware they're granting.
> If the permissions system in place is clear and potent enough, I don't see the problem.
Maybe, but the odds of the permission system being clear and potent enough that non-technical users understand what's happening is basically zero.
> You can also ask people to simply download and install an app that can do whatever it wants.
And after 20 years we've managed to train many people that that's a red flag that crosses a security boundry, unlike this shiny new way to invite malware into your machine by accident.
> It's 2020 and we still can't build web apps that can read and write to local files. Browsers are no longer useful just for reading text.
That is... not a bug. Web apps are safer precisely because it's so hard for them to touch your "real" local system. Take that away and you erode the security model that made web apps so great in the first place.
bad_user|5 years ago
You can also ask people to simply download and install an app that can do whatever it wants.
It's 2020 and we still can't build web apps that can read and write to local files. Browsers are no longer useful just for reading text.
rainforest|5 years ago
Previously if you wanted filesystem control you had to trick a user into downloading something. With this API, it seems like it would be easier to con unsuspecting users into granting permissions they aren't aware they're granting.
yjftsjthsd-h|5 years ago
Maybe, but the odds of the permission system being clear and potent enough that non-technical users understand what's happening is basically zero.
> You can also ask people to simply download and install an app that can do whatever it wants.
And after 20 years we've managed to train many people that that's a red flag that crosses a security boundry, unlike this shiny new way to invite malware into your machine by accident.
> It's 2020 and we still can't build web apps that can read and write to local files. Browsers are no longer useful just for reading text.
That is... not a bug. Web apps are safer precisely because it's so hard for them to touch your "real" local system. Take that away and you erode the security model that made web apps so great in the first place.
tomayac|5 years ago