- From: Augusta Beltrametti <augustabeltrametti@gmail.com>
- Date: Thu, 20 Dec 2018 09:38:08 +0100
- To: public-webapps@w3.org
Received on Thursday, 20 December 2018 10:17:12 UTC
Hello! Has anyone investigated the following situation? If an application server get compromised and the attackers get the data associated to web push, what is the suggested approach to revoke all the subscriptions? The main reason to revoke everything would be to prevent the attacker from sending notifications to the user as if it was the legitimate website. Also, it would be nice if the standard could provide a way to replace the subscriptions without loosing the subscribers. Thanks AB
Received on Thursday, 20 December 2018 10:17:12 UTC