W3C home > Mailing lists > Public > public-browser-tools-testing@w3.org > October to December 2013

Re: [WebDriver] Implementation security issues

From: David Burns <dburns@mozilla.com>
Date: Mon, 28 Oct 2013 10:32:40 +0000
Message-ID: <526E3D48.8070901@mozilla.com>
To: Tobie Langel <tobie@w3.org>, public-browser-tools-testing@w3.org

I am happy to have a non-normative section in the spec on how to deal 
with these scenarios but they are going to be extremely fluffy. A lot of 
the security concerns are the same as how you would secure a browser on 
a mobile phone that has remote debugging.

Please can you raise a bug agains the spec setting it as a blocker 
against bug 20860.


On 28/10/2013 09:13, Tobie Langel wrote:
> Hi folks,
> I've been evangelizing WebDriver for W3C's user agent testing effort. The biggest concern I've heard so far is around security. The TV industry in particular is worried this could be used to subvert a user's TV set.
> It would be extremely useful to either have a (non-normative) section on security within the spec, describing the potential security risks (including social engineering) and mitigation strategies, or have such a document hosted elsewhere to which I could point to when security is brought up as a concern.
> Case studies on how the security concerns have been resolved in shipping implementations would also be tremendously useful.
> Let me know if there's anything I could help with here.
> Best,
> --tobie
Received on Monday, 28 October 2013 10:33:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:09:49 UTC