Eric Rescorla wrote: > I think there are some fairly obvious issues here, including: > > - There are obvious sensitive files you shouldn't upload under > basically any conditions. > - It's hard for the client to know what the implications of any directory > upload are > because they may not know what's in a given directory. I'm not a big fan of "the user is stupid and we have to protect him" as an argument. :)
There are a lot of genuinely valid use cases for this feature; yes, security concerns should definitely be considered, but it's important to be clear that if you want to address security concerns, or kill off the feature entirely. I hope it's the former, because the number of times this exact thing has come up for me is not easy to dig up, since it's been a lot of times, especially when working on web deployments or staging of assets for media services. -- Eric Shepherd Senior Technical Writer Mozilla <https://www.mozilla.org/> Blog: http://www.bitstampede.com/ Twitter: http://twitter.com/sheppy Check my Availability <https://freebusy.io/esheph...@mozilla.com> _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
