W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2011

[whatwg] whatwg Digest, Vol 82, Issue 10

From: Seth Brown <learc83@gmail.com>
Date: Tue, 4 Jan 2011 16:59:38 -0500
Message-ID: <AANLkTimtjXLaUDbxRoCCg9fvD_MUKNYVEsdhXu_1EoG6@mail.gmail.com>
When you download and run a program you are placing the same level of
trust in a website (unless it the program is also distributed by an
additional trusted site and you can verify the one you have is the
same) as you would when allowing them to access one of your devices.

Therefore, device element access should require the same level of
confirmation as installing a downloaded program.

That being said. Granting access to a particular script instead of an
entire site sounds like a reasonable security requirement to me. As
does using a hash to verify that the script you granted permission to
hasn't changed.

-Seth
Received on Tuesday, 4 January 2011 13:59:38 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:29 UTC