> > Bottomline: everything goes through the browser's file upload dialog > > anyway and thus we don't have to worry about security implications. > > Actually, since this is local there is no need for it to go through > the upload dialog. The server could just read the file off the > filesystem. > > Thanks for pointing out the distinction, which could really matter for > implementing this, though it won't matter for this particular scenario > (OS X gui users).
So there would be a flag like SAGE_IMREALLYREALLYLOCAL which indicates that the user who's using Sage is in fact the same person who started it? We don't want to trigger reading files and such as a response to a simple HTTP GET (think phishing and stuff) for server's which are not 100% local use only. Martin -- name: Martin Albrecht _pgp: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8EF0DC99 _otr: 47F43D1A 5D68C36F 468BAEBA 640E8856 D7951CCF _www: http://www.informatik.uni-bremen.de/~malb _jab: martinralbre...@jabber.ccc.de --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to sage-devel@googlegroups.com To unsubscribe from this group, send email to sage-devel-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---
