On Mar 23, 2012, at 11:29 AM, Kevin Chadwick wrote: > On Thu, 22 Mar 2012 23:45:47 -0700 > Lucas Adamski wrote: > > Untrusted >> They might want to capture audio or video input to stream to a server or >> process client-side, > > > Input from? > > What's the distinction here, only via e.g. a flash plugin with it's own > permissions? Stories of phones without camera covers being a corporate > security risk, spring to mind. > > > Trusted somewhat where a single app may require access to camera/microphone > for chat
Input from the device's built in camera / microphone. That's the relevant discussion to have when we talk about the camera (webRTC) APIs. Maybe explicitly requested access is generally ok, but implicit access may or may not ever be ok (say for trusted core apps). I suspect that's a long thread by itself. Lucas. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
