W3C home > Mailing lists > Public > public-device-apis@w3.org > February 2013

Re: [discovery-api] Consolidated comments and questions

From: <Frederick.Hirsch@nokia.com>
Date: Tue, 5 Feb 2013 22:34:44 +0000
To: <richt@opera.com>
CC: <Frederick.Hirsch@nokia.com>, <public-device-apis@w3.org>
Message-ID: <1CB2E0B458B211478C85E11A404A2B27019055D2@008-AM1MPN1-033.mgdnok.nokia.com>

On Feb 5, 2013, at 9:36 AM, ext Rich Tibbett wrote:

>> Is it expected that the application will be notified from error messages
>> coming from the protocol level?
> 
> No. We have deliberately obfuscated errors for both privacy and simplicity. The web page only really needs to know if access was granted or not. The cause of any error is not something that needs to bubble up to the web application - unless there are any use cases in which that is essential and warrant us having a further look at this.

+1 to this in general ( though attacks are still possible using timing etc)

regards, Frederick

Frederick Hirsch
Received on Tuesday, 5 February 2013 22:35:36 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:58 UTC