canmove, Confirmed users
1,220
edits
Security/WebAPI/Web Telephony: Difference between revisions
-
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) (-) |
||
| Line 98: | Line 98: | ||
* Broader B2G issue | * Broader B2G issue | ||
* Only high-privileged content process will have access to send dialer IPDL messages | * Only high-privileged content process will have access to send dialer IPDL messages | ||
||Malicious web content|||||||||| | |||
| | |||
| 6||Denial of Service on Dialer|| | |||
*Denial of service, somehow disabling the phone app, or causing it to lose it's permissions? | |||
*Locking up audio channels, changing mic volume etc to interfere with calls | |||
|| | |||
* Would probably require permissions to launch these styles of attacks? | |||
||Malicious web content|||||||||| | ||Malicious web content|||||||||| | ||
|} | |} | ||
===Authorization Model=== | ===Authorization Model=== | ||
* | *Implicit: An app which a user wants to act as a dialer will need to be granted the appropriate permissions. Once granted the app will have complete access to this API and be trusted to make and receive phone calls. | ||
===Implementation Requirements=== | ===Implementation Requirements=== | ||
* | Potential Security Features | ||
* Only certified code can be granted this permission. | |||
* Support for a number blacklist? (prevent calls to premium numbers?) | |||
* Rate-limiting? (restrict the number of calls that can be initiated in a certain time period?) Not sure if useful. | |||
* | |||