[webkit-dev] Proposed feature: Network Service Discovery

Alexey Proskuryakov ap at webkit.org
Sat Aug 31 09:19:04 PDT 2013


30.08.2013, в 15:53, Dirk Pranke <dpranke at chromium.org> написал(а):

>> The draft does contain the sentence "Web pages should not be able to communicate with Local-networked Services that have not been authorized by the user thereby maintaining the user's privacy" in the use cases section; this should definite be emphasized and fleshed out, in a security section.
> 
> How does the user know what they're doing?  If there's an ad/unescaped comment containing something malicious should a remote site be able to know what services you have in your internal network?
> 
> I'm not sure I understand your question, but I'm talking about the user having to opt-in to disclosing services, similar to the opt-ins we do for geolocation, media capture, local files, etc., e.g., "Spotify would like to know if you have any local media receivers", etc. ...


"Would you like to install malware onto all networked printers in your office? Please click OK to get rid of this dialog, and finally start the browser game you want to play."

- WBR, Alexey Proskuryakov


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20130831/2a4d60f9/attachment.html>


More information about the webkit-dev mailing list