canmove, Confirmed users
1,220
edits
WebAPI/Security/WebTelephony: Difference between revisions
→Trusted (authenticated by publisher)
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) |
||
| Line 25: | Line 25: | ||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Use cases for authenticated code: | Use cases for authenticated code: As per regular web app. | ||
*Authorization model: explicit (web activities) | *Authorization model: explicit (web activities) | ||
*Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | *Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | ||