Re: [webrtc-extensions] Invalid TURN credentials: What function should fail? (#52)

From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
Date: Tue, 17 Nov 2020 09:43:37 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-728811972-1605606216-sysbot+gh@w3.org>

There are multiple reasons to fail in the network layer rather than at the API:

* A generic network error used for various reasons gives less information to an attacker. Browsers can still expose more granular information in the developer console.
* A network error usually degrades more gracefully than an API starting to throw an exception it previously did not throw. There's less chance for the application to fall apart.
* Architecturally, using the network layer for security checks reduces the risk of new APIs forgetting about some of them.

Unknown schemes seem somewhat different though and it might well make sense to fail at the API boundary there to allow for feature testing.

-- 
GitHub Notification of comment by annevk
Please view or discuss this issue at https://github.com/w3c/webrtc-extensions/issues/52#issuecomment-728811972 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 17 November 2020 09:43:39 UTC
