[whatwg] Security risks of persistent background content (Re: Installed Apps)

David Levin levin at google.com
Thu Jul 30 11:11:10 PDT 2009


On Thu, Jul 30, 2009 at 10:18 AM, Michael Davidson <mpd at google.com> wrote:

> On Tue, Jul 28, 2009 at 10:58 PM, Maciej Stachowiak<mjs at apple.com> wrote:
> >
> > Here's some security risks I've thought about, for persistent workers and
> > persistent background pages:
> >
> > <great list of risks>
>
> Thanks for the list, Maciej. However, Firefox extensions today have
> all of the same problems. Do you consider the permission UI in Firefox
> insufficient? Given Safari's extension model, I'm going to guess the
> answer is yes. The fact that FF has extensions, however, at least
> shows that one browser vendor believes that sufficient permission UI
> exists.


Maciej said this at the end of original email.

"I do think offering a feature like this in the context of an application or
extension style install experience might be acceptable - specifically an
experience that is explicitly initiated by the user with multiple
affirmative steps. But web features are not usually designed around such an
expectation, usually this is the hallmark of a proprietary platform, at
times also including central vetting and revocation capabilities."


Does that answer your question?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090730/54b14654/attachment.htm>


More information about the whatwg mailing list