
Re: Firefox PDF download - strange behaviour.



Jeremy Nicoll wrote:
> On Mon, 17 Jan 2022, at 05:19, songbird wrote:
>
>>   you are right, but i just wanted to say that for some sites
>> the behavior is to generate a unique file name if they find
>> one that already exists with the same name and for other sites
>> it is not.  i think this is dependent upon the website designers
>> and not firefox.
>
> Are you saying that code on a webpage can interrogate my 
> file system to see whether certain files exist?  I don't like the
> sound of that.

  you are running the webpage on your browser so it is your
own computer and your own program that is doing the accessing
just like any other program you run.  what controls you wish
to put on the access to your file system and how you do that
is up to you and your own desires and capabilities.  for some
security systems they allow file access and directory access
controls, but what i do is set where files are saved in a
specific directory and leave it at that.  and, yes, more can
be done but i don't care to do it.  same as i could use a
very paranoid and text only based browser like lynx and
never run javascript or anything else that does things 
automatically, but then i'd probably not really enjoy doing
much on-line.  i pick my battles in other ways (like running
linux and debian) and i don't open or save files 
automatically.  those are good enough for me.  :)


> A quick google found me: 
> https://developer.mozilla.org/en-US/docs/Web/API/File_System_Access_API
>
> which seems to describe ways that Javascript can read and write 
> my files, and scan my directories (or will be able to when this
> API is implemented). 
>
> There's not enough information, in my view, explaining how a
> browser user can prevent that.  It says - if I'm reading it right -
> that it's secure because users are offered file pickers etc when
> a file is to be opened or file-save dialogs when something is to 
> be created.
>
> But one of the code examples describes getting a handle to a 
> directory and says if the directory doesn't exist yet it will be 
> created.  That suggests that rogue code could create folders
> on my system.
>
> I think I also read that once the code has a handle to a directory
> it can scan sub-directories as well.

  you could break the issue down into two things quite easily
and not get super complicated.  if you are running a linux 
system then you have the capability of using different users
and groups to control file and directory access.  so you only
browse using one user and then set up a directory for that 
user to save files to and then put stuff there.  then you can
make that directory read only to a group and set up another
user to go look at the files saved there.  or something like
that...


  songbird
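
Added example, not part of songbird's message: one way to set up the separate browsing account and the group-read-only save directory described in the last paragraph above. The account names `browse` and `alice`, the group `dlread` and the path `/srv/browse-downloads` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Assumed names: account "browse" runs the browser, group
# "dlread" may only read, /srv/browse-downloads is the save directory.
# One-time setup as root (standard Debian tools):
#   groupadd dlread
#   useradd -m browse
#   usermod -aG dlread alice      # "alice" = the account that reviews files
#   setup_dropbox /srv/browse-downloads browse dlread

# Create the directory: owner may write, group may list and read,
# others get nothing.
setup_dropbox() {
    sd_dir=$1; sd_owner=$2; sd_group=$3
    mkdir -p "$sd_dir" || return 1
    # Changing the owner needs root; skip it when run unprivileged.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$sd_owner" "$sd_dir" || return 1
    fi
    chgrp "$sd_group" "$sd_dir" || return 1
    # 2750 = setgid + rwxr-x---: new files inherit the group, the group
    # cannot create or delete entries, everyone else is locked out.
    chmod 2750 "$sd_dir"
}

# Print the octal mode (GNU stat, as shipped on Debian).
dropbox_mode() {
    stat -c '%a' "$1"
}

# Exit 0 only if the directory still has exactly the intended mode.
check_dropbox() {
    cd_mode=$(dropbox_mode "$1") || return 2
    if [ "$cd_mode" = "2750" ]; then
        return 0
    fi
    echo "unexpected mode $cd_mode on $1" >&2
    return 1
}
```

Files saved by the browsing account are readable by the group only if that account's umask leaves group read enabled (for example 027).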

