© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
> If browsing the local filesystem was allowed, this could easily be implemented, of course.
Other apps, such as the "Document Viewer" seem to be perfectly able to see the local filesystem... Same for the terminal app, and any programs started by it (... and this is a good thing too, please keep it that way!)
> Ubuntu touch’s security model confines applications so that they can’t gain access to other applications’ data and files. The browser is no exception,
Why not *make* it an exception? After all, in a way, it is supplied by Ubuntu themselves, and thus should be able to be trusted, no? And the Document Viewer seems to be an existing exception already.
> If a user knows how to set up a local web server, they supposedly know what they are doing, and it’s their responsibility to ensure that they’re not giving away access to all their files to the outer world.
Ok, so the user will note his passwords on a piece of paper, and a bystander reads it off from it too. Or he has the same password everywhere... (... and his favorite porn site gets hacked, and that was the same password as his bank...) So, even non-technical users have plenty of ways of screwing things up if safer alternatives are unavailable. The point here is, putting passwords in a file:/// would be one way to work around bug #1516220, and this is not available, potentially pushing users to less safe solutions.
>> Btw, other phone browsers, such as Android, do allow this.
>Last time I checked, it didn’t.
Please check again. Nowadays Android browsers (both Firefox and builtin browser) can browse file:/// URL's just fine. Obviously there are some directories where normal Unix permissions provide access, but all the others (including top level root directory) _are_ accessible. Firefox displays directory listings, however Android's builtin browser shows an empty page for directories. It *does* access them though, as it displays an error message for non-existing directories. And it does show .txt and .html files (and probably other file types too, but I'm to lazy to check them all. The point has been proven.)
> That was a while ago though, things might have changed. Android has a rather different security model though.
Well, I just pointed this out, as you seemed to be very sure that it didn't....
> Please avoid confirming your own bug reports. Thanks for your time and bug reports, keep them coming!
Sorry for this. I guess I was just pissed as seeing valid bugs marked invalid. From now on, I'll transition them back to "New" instead.