On 02/23/2015 09:23 AM, Gervase Markham wrote:
> On 23/02/15 17:16, Kyle Huey wrote:
>> Is your question whether the authentication of the wipe request happens
>> on the client or the server?
>
> I mean, if I have control of the server (e.g. I'm an admin or an
> attacker) can I send a wipe request to the device that the device will
> honour? Or does it also require some information from the user? If so, what?
The use case of FMD being that you lost your phone, we don't ask
anything on device... So if the server side is compromised, yes you can
wipe the device.
Fabrice
--
Fabrice Desré
b2g team
Mozilla Corporation
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
