- From: Seth Brown <learc83@gmail.com>
- Date: Tue, 4 Jan 2011 16:59:38 -0500
When you download and run a program you are placing the same level of trust in a website (unless it the program is also distributed by an additional trusted site and you can verify the one you have is the same) as you would when allowing them to access one of your devices. Therefore, device element access should require the same level of confirmation as installing a downloaded program. That being said. Granting access to a particular script instead of an entire site sounds like a reasonable security requirement to me. As does using a hash to verify that the script you granted permission to hasn't changed. -Seth
Received on Tuesday, 4 January 2011 13:59:38 UTC