- From: Lorenzo Miniero <lorenzo@meetecho.com>
- Date: Wed, 27 Nov 2013 18:51:03 +0100
- To: Justin Uberti <juberti@google.com>
- Cc: cowwoc <cowwoc@bbs.darktech.org>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Il giorno Wed, 27 Nov 2013 09:10:13 -0800 Justin Uberti <juberti@google.com> ha scritto: > On Wed, Nov 27, 2013 at 1:46 AM, Lorenzo Miniero > <lorenzo@meetecho.com>wrote: > > > Il giorno Wed, 27 Nov 2013 00:34:46 -0800 > > Justin Uberti <juberti@google.com> ha scritto: > > > > > I disagree completely. > > > > > > Allowing the installation of apps that have unlimited access to > > > the system did cause the computing world to end, in a sense. We > > > tried that, and the result was systems plagued with spyware, and > > > the creation of the whole anti-virus industry. Thankfully, this > > > philosophy has now been discredited, and replaced with approaches > > > that through various mechanisms (ACLs, sandboxing, curation, etc) > > > aim to protect their users as a top priority. That is what Chrome > > > (amongst others) is doing, and will continue to do. > > > > > > I understand that having access to screen sharing is a highly > > > desired feature. But there are real issues here, and no amount of > > > scary text in the dialog box is going to make this safe for > > > arbitrary pages on the drive-by web. > > > > > > So we have made our decision for the initial rollout of this > > > functionality. In M33, the rules are as I describe - accessible > > > only via extensions or apps, and for window/desktop sharing, a > > > user prompt for all sharing requests. We'll ship this code, > > > people will use it, we'll get feedback - and we'll go from there. > > > > > > > > > I still don't have a clear opinion on this, as I'm trying to make my > > mind about this, and so I really don't have alternatives ready, but > > I have a question (well maybe two). Would this app/extension be > > associated with a specific domain? that is, would YourCompany > > publish such an app to allow window/desktop sharing when the > > page/javascript comes from yourcompany.com, or would it be in > > general a service provided to JavaScript developers that may make > > use of it? I guess it's the former, but in that case, can I use > > window/desktop sharing in localhost or on a LAN, e.g., for testing > > purposes? The proposed model seems to suggest I wouldn't be able to > > do so. > > > > The publisher of the extension can control which domains can talk to > it. See > http://developer.chrome.com/extensions/manifest/externally_connectable.html. > This would allow you to make your extension available to > yourcompany.com, as well as development machines on > *.corp.yourcompany.com. (Note that *.com and other wide-reaching > wildcards are not permitted.) > > There is also the Chrome flag parameter to force on the screen-sharing > feature for testing purposes > (chrome://flags/#enable-usermedia-screen-capture). Ok, so the flag to do it anyway (just for testing, of course) would still be there. Thanks for the clarification. Lorenzo
Received on Wednesday, 27 November 2013 17:51:39 UTC