On Tue, 4 Jan 2011 22:09:20 +0000, Bjartur Thorlacius wrote:
On 1/4/11, Diogo Resende <[email protected]> wrote:
Flash is insecure because there's no security policies. It's
similiar to
the firefox feature to read files: you read all or you read none.
That's
not a good policy. Something similar to the geolocation would be
better
(this specific site/app can access this specific device).
Maybe I was not clear. Example:
- User goes to an app, clicks on a button
- App requests a serial device access for a "Meteorology Device" (this
should really be a string or something like that, not a device category
or class)
- Browser notifies user, shows list of devices for the user to pick ONE
or to deny (in the middle of this a "sudo"-like box might appear, I
really don't care about it)
- App gets access to a limited serial API just to that device (or any
other that a user might already given access)
I hope I was clear enough now. No kernel ACLs and stuff like that.
