Is there any special risk on allowing any kind of unauthenticated content to request vibration without any permission request?
Thanks, best El 16/04/12 07:55, "Lucas Adamski" <[email protected]> escribió: >Last call for comments! So far the only feedback I have received is that >it would be good to have a UI mechanism for determine which app is >triggering the vibration, which sounds like a reasonable idea to me. >Thanks! > Lucas. > >On Apr 11, 2012, at 10:36 PM, Lucas Adamski wrote: > >> Name of API: Vibration >> Reference: http://dev.w3.org/2009/dap/vibration/ >> >> Brief purpose of API: Let content activate the vibration motor >> >> Inherent threats: Obnoxious if mis-used, consume extra battery >> Threat severity: low >> >> == Regular web content (unauthenticated) == >> Use cases for unauthenticated code: Vibrate when hit in a game >> Authorization model for uninstalled web content: Explicit >> Authorization model for installed web content: Implicit >> Potential mitigations: Limit how long vibrations can run >> >> == Trusted (authenticated by publisher) == >> Use cases for authenticated code:[Same] >> Authorization model: Implicit >> Potential mitigations: >> >> == Certified (vouched for by trusted 3rd party) == >> Use cases for certified code: >> Authorization model: implicit >> Potential mitigations: >> >> Notes: This API may be implicitly granted. User can deny from >>Permission Manager to over-ride an abusive app. >> > >_______________________________________________ >dev-webapps mailing list >[email protected] >https://lists.mozilla.org/listinfo/dev-webapps > Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at http://www.tid.es/ES/PAGINAS/disclaimer.aspx _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
