[tvcontrol-api] Access to parental control methods from Chris Needham via GitHub on 2016-07-13 (public-tvcontrol@w3.org from July 2016)

From: Chris Needham via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Jul 2016 06:55:54 +0000
To: public-tvcontrol@w3.org
Message-ID: <issues.opened-165250209-1468392952-sysbot+gh@w3.org>

chrisn has just created a new issue for 
https://github.com/w3c/tvcontrol-api:

== Access to parental control methods ==
As currently specified, the `setParentalControlPin` and 
`setParentalControl` methods could easily be brute-forced by a web 
page to change the PIN or clear the `isLocked` flag, depending on the 
complexity of the PIN code set. This may be fine in a device-specific 
implementation context, but less desirable if the API is accessed from
 arbitrary web pages. How should these APIs be protected from abuse?


Please view or discuss this issue at 
https://github.com/w3c/tvcontrol-api/issues/11 using your GitHub 
account

Received on Wednesday, 13 July 2016 06:56:09 UTC