What happens when enterprise policy will prohibit the user from installing
extensions? At this point I see requirement to install extensions for
screen sharing only as a mechanism to penalize small new providers vs large
providers. For the large established providers extensions would be much
more likely to be pre-installed/approved by the enterprise IT team. It is
much less likely to happen for smaller new services.
I have mentioned earlier that extension mechanism serves no purpose at all
as far as security is concerned. The risk that attacker can share users
browser via a rouge WebEx ot GoToMeeting session is no different then the
risk that he can share users browser via a custom session he have created.
_____________
Roman Shpount
On Wed, Jan 15, 2014 at 5:34 PM, Justin Uberti <juberti@google.com> wrote:
> Blocking HTTPS makes it impossible to share a Google Docs doc or
> presentation
>
> Look, this is a hard problem, and we've come to a point where use of the
> screensharing feature in Chrome requires jumping through a hoop (i.e.
> installing an extension), but not a ridiculously difficult one. I suspect
> that web applications will find fairly elegant ways to incorporate this
> into their flow.
>
>
> On Mon, Jan 13, 2014 at 6:13 AM, Tim Panton new <thp@westhawk.co.uk>wrote:
>
>>
>> On 13 Jan 2014, at 00:40, Silvia Pfeiffer <silviapfeiffer1@gmail.com>
>> wrote:
>>
>>
>> A whitelist of bank sites?
>>
>>
>> Wouldn't bank sites always need to be "blacklisted" (i.e.: don't show
>> their content)?
>>
>>
>> Strikes me that a good short term default would be that https:// sites
>> default
>> to not supporting screenshot. http:// sites allow it, as do any that
>> have the
>> meta-screenshot tag set.
>>
>> I realize that as more sites adopt https:// only practices this default
>> will dwindle in usefulness.
>>
>> T.
>>
>
>