-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feat] Allow reading any file #3591
Comments
We are working on some kind of whitelist system for user-selected paths (dialog and file-drop). Furthermore you don't have these restrictions in rust which should generally be preferred for file system interactions anyway. |
Thank you for the response, yes I might try to implement it myself in rust. but I am failing to understand what Tauri is achieving by implementing such feature? as you mentioned it's anyway achievable with rust so from what I see tauri apps are desktop apps, they are supposed to read any file. so far my entire application works just fine without a single line of rust. but just to enable reading any file I will have to write the logic myself. I hope I was able to convey my thoughts. |
We are working on a solution (see lucasfernog@bcca82e) - however the security implication is that access to ANY file is very, very much a security risk, especially if you are using any code / dependency that you didn't write yourself. Giving this kind of superpower to JS should scare you. Writing rust should not scare you. :) |
What plans are there to mitigate the security risks involved if you are using code / dependencies that you didn't write yourself in Rust? |
You should use the isolation pattern: https://tauri.studio/docs/architecture/patterns/isolation You should vet your dependencies with e.g. SNYK.COM or SOCKET.DEV You should read our Security Guidelines: https://tauri.studio/docs/development/security |
Not sure why you felt it necessary to thumbs-down the respone to @trgwii, @Sparkenstein. If you want to persist this setting (which a user should be empowered to do - and against our security recommendations) then you can use this: |
I feel like if they were only recommendations, there would be a scope for |
Describe the problem
I am working on an application where I need to read any file from anywhere on users directory. currently we have only fixed set of configurable scopes, so the user of my application wont be able to
select
any file.Describe the solution you'd like
need a way to select any file from file system. if I can only select a file from specific directory like Download or Document etc, it's not a useful desktop application. even a webapp can read any file
Alternatives considered
No response
Additional context
The application I am working on calculates
hash
of any file. it's a pretty straightforward use case, user selects whichever file he wants, and I calculate the hash of that file.The text was updated successfully, but these errors were encountered: