Comment by explodes
5 hours ago
First time I've heard about this. I'll have to look into the security model around it. I'm curious what safeguards are in place to prevent clickjacking. I know showing a file picker """should""" be enough of a warning to users to be careful, but it's not hard to imagine a world where a couple of fish accidentally bite the bait of an allow-button, or because they followed instructions they incorrectly trusted.
Looks like these safeguards are in place:
* System and root directories cannot be selected.
* Can only be activated after user action.
* Requires https.
* Double-confirmation for write access.
No API like this could ever be bulletproof, but it's a start I guess.
Very cool API though, and it really does open up a whole new world of possibilities.
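The four safeguards listed above, exercised from page code, as an added example that is not from the thread or from any browser's own code. It assumes the API under discussion is the File System Access API (`showDirectoryPicker`, `queryPermission`, `requestPermission`, `isSecureContext`, `navigator.userActivation`). The `win` parameter is a hypothetical injection point so the control flow can be run outside a browser; on a real page you call `requestWritableDirectory()` from a click handler with no argument.

```javascript
// Added example, not part of the original thread. Assumes the File System
// Access API. `win` defaults to the real global; tests pass a fake instead.
async function requestWritableDirectory(win = globalThis) {
  // Safeguard: secure context. Outside https/localhost the browser does not
  // expose showDirectoryPicker at all, so report that instead of a TypeError.
  if (!win.isSecureContext || typeof win.showDirectoryPicker !== 'function') {
    return { ok: false, reason: 'not-secure-context' };
  }
  // Safeguard: user activation. The picker only opens from a click/keypress;
  // checking the flag first distinguishes this from a user cancelling.
  const activation = win.navigator && win.navigator.userActivation;
  if (activation && !activation.isActive) {
    return { ok: false, reason: 'no-user-activation' };
  }
  let handle;
  try {
    // Default (read) picker. System and root directories are refused by the
    // browser's own picker, so nothing to check here from page code.
    handle = await win.showDirectoryPicker();
  } catch (e) {
    if (e && e.name === 'AbortError') return { ok: false, reason: 'user-cancelled' };
    // Thrown when called without transient user activation.
    if (e && e.name === 'SecurityError') return { ok: false, reason: 'no-user-activation' };
    throw e;
  }
  // Safeguard: write access is a second, separate prompt. Query first so the
  // user is not re-prompted when a grant is still live, then request.
  let state = await handle.queryPermission({ mode: 'readwrite' });
  if (state === 'prompt') {
    state = await handle.requestPermission({ mode: 'readwrite' });
  }
  if (state !== 'granted') {
    return { ok: false, reason: 'write-denied', handle };
  }
  return { ok: true, handle };
}
```

Grants are not permanent: a reload or an explicit revoke drops the handle back to `'prompt'`, so re-run the query/request pair before each batch of writes rather than caching the first answer.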
Those are some pretty flimsy safeguards. I don't keep my secrets in system directories and using HTTPS doesn't mean the site isn't malicious.
> I don't keep my secrets in system directories
Root of the home directory is also excluded.
But obviously yeah, nothing's going to prevent you from giving a website access to your .ssh directory if you explicitly select it.
Personally I don't have a problem with that. The ability to upload files has been a thing on the web forever and I don't think there's ever been anything that stopped users from uploading their private key. Possibly some users have gotten phished that way, but at a certain point you have to accept responsibility for your own actions, otherwise you start ceding control of your life to a corporate nanny state.
> System and root directories cannot be selected.
That desperately needs something like the Public Suffix List [1] - a community-managed list where authors of software can blacklist directories containing sensitive files or such files directly for all browsers implementing this feature.
If I were to design such a list, it would include ~/.ssh, ~/.aws, ~/.config, ~/Library, ~/.{ba,z}sh{rc,_profile,_history}, ~/.m2, ~/.npm, ~/.npmrc, ~/.profile at the very least. Because users will get phished.
[1] https://en.wikipedia.org/wiki/Public_Suffix_List
This is still a security nightmare! You won't get every folder, or even enough folders.
Blacklisting is never secure. Whitelisting is. Sadly some really smart person decided it was a good idea to store pictures and SSH keys within the same directory tree.
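The denylist proposed two comments up, implemented the way a browser would have to apply it, together with the cases behind the reply's objection. This is an added example, not code from the thread or from any browser; the home directory, the selected paths and the symlink table are constructed sample input, and `realpath` is a hypothetical injection point standing in for the OS call.

```javascript
// Added example, not part of the original thread. The list is the one the
// commenter proposed, with the ~/.{ba,z}sh{rc,_profile,_history} glob expanded.
const SENSITIVE = [
  '.ssh', '.aws', '.config', 'Library', '.m2', '.npm', '.npmrc', '.profile',
  '.bashrc', '.bash_profile', '.bash_history',
  '.zshrc', '.zsh_profile', '.zsh_history',
];

// Resolve `p` (absolute, or relative to `home`) into normalized path segments,
// collapsing '.', '' and '..' so `.ssh/../.ssh/id_rsa` cannot slip past.
function resolveSegments(home, p) {
  const raw = (p.startsWith('/') ? p : home + '/' + p).split('/');
  const out = [];
  for (const seg of raw) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { out.pop(); continue; }
    out.push(seg);
  }
  return out;
}

// true when segment list `a` is `b` or an ancestor of `b`.
function isPrefix(a, b) {
  return a.length <= b.length && a.every((seg, i) => seg === b[i]);
}

// Returns the denylist entry that blocks `selected`, or null if the
// selection would be allowed. `realpath` resolves symlinks; the default does
// nothing, which is exactly the gap shown in the tests below.
function blockedBy(home, selected, realpath = p => p) {
  const literal = '/' + resolveSegments(home, selected).join('/');
  const sel = resolveSegments(home, realpath(literal));
  for (const entry of SENSITIVE) {
    const ent = resolveSegments(home, entry);
    // Inside (or equal to) a sensitive entry: obvious case.
    if (isPrefix(ent, sel)) return '/' + ent.join('/');
    // Ancestor of a sensitive entry: picking ~ or / hands over the subtree,
    // so it must be refused too (this is why the home root is excluded).
    if (isPrefix(sel, ent)) return '/' + ent.join('/');
  }
  return null;
}
```

What the list cannot catch, and why the reply calls it a nightmare: a copy of `id_rsa` sitting in `~/Documents/backup` passes, `~/.SSH` passes on a case-insensitive filesystem because the comparison is byte-exact, and a symlink `~/Pictures/keys -> ~/.ssh` passes unless the check resolves symlinks before comparing. A whitelist of directories the page may see (a dedicated `~/Sites`, say) has none of these holes because anything not listed is refused by default.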
This is something you should explain to the Firefox critics.
Chrome and friends (Edge, Opera) are basically the new IE6 and only people who are new or forgetful will disagree. I hate Mozilla for messing up so bad with their stewardship of Firefox time and again, but alas, it is the only reasonable option on the table.
And while I do hate Mozilla, Google is to be disliked even more.
IE6 stagnated after MS won the browser wars. It didn't get an update for like 6 years. Chrome has become a monoculture too but I think it's one of another kind.