Security/WebAPI/Web Telephony: Difference between revisions

Security/WebAPI/Web Telephony (view source)

3 bytes added , 5 April 2012

no edit summary

canmove, Confirmed users

1,220

edits

@@ Line 52: / Line 52: @@
 | align="center" style="background:#f0f0f0;"|'''Notes'''
 |-
-| 1||Unauthorized content accesses the Web Telephony API||A web page or web app accesses the Telephony API with having the valid permissions or requirements ||* App Permissions Model will enforce which apps can access which APIs * B2G security model will enforce permissions model at a process level (ie less privileged process not allowed to send IPDL messages even if permissions check fails at an API level)||Malicious web content||?||Requires a bug in broader browser security model||||||
+| 1||Unauthorized content accesses the Web Telephony API||A web page or web app accesses the Telephony API with having the valid permissions or requirements ||
+* App Permissions Model will enforce which apps can access which APIs
+* B2G security model will enforce permissions model at a process level (ie less privileged process not allowed to send IPDL messages even if permissions check fails at an API level)
+||Malicious web content||?||Requires a bug in broader browser security model||||||
 * Place unauthorized calls, cost the user money, make spam phone calls
 * Use phone a bugging device, breach user privacy