On Sat, 6 Sep 2014, at 14:49, Martin Thomson wrote: > One idea that has been floated > (https://bugzilla.mozilla.org/show_bug.cgi?id=1002676) is to restrict > persistent permissions to secure origins. The reasoning there being that > a persistent grant can be trivially intercepted if you work in the clear. > That's a real security concern. One that gUM requires.
That sounds interesting. I guess in this case you would want to mark the permission as session-specific with an expire time of a few hours? If there is a way to know whether a nsIPrincipal is associated with an authenticated origin, it should be fairly simple to implement inside nsPermissionManager. Though, it might require some UI, wouldn't it? -- Mounir _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
