Fedora Security and the Uverse 3800HGV-B router

[JD]

On 07/02/2011 02:42 PM, Sam Sharpe wrote:
> On 2 July 2011 22:20, JD<jd1008 at gmail.com>  wrote:
>> On my machine, when I disable javascript, it is unable to display my files.
>> I understand that the browser is supposed to be able to display your files
>> with the file:/// URL.
>> I just was not expecting my router to issue a javascript to
>> to access my files. And my concern is that any web site can issue a
>> javascript to access personal files; and most people are unaware of this,
>> because they are not techies, and do not understand what javascripts
>> are capable of doing.
> I don't think you understand. Your browser can access your local
> files. It is doing so via a file:/// URL. This is not a problem with
> javascript, this is a feature of your browser. To check this, please
> type in "file:///" into your browsers address bar manually and you
> will see that there is no difference in the behaviour. I repeat, this
> is not a javascript problem and you are getting hysterical over
> nothing.
>
> It is not a security risk because it is showing you the files you have
> access to on your machine. Javascript has absolutely nothing to do
> with it apart from sending *you* to the URL.
>
When I disabled javascript, the the link in the
router's page could no longer open
file:///
I am not saying that THAT script in itself is a terrible
threat.  There are far more sophisticated javascripts
than just displaying your files in the browser.