It's more the case that a persistent positive grant from the permission manager would be ignored for non-secure origins, and non-secure origins would not show any option to persist.

----- Original Message -----
From: "Mounir Lamouri" <mou...@lamouri.fr>
To: "Martin Thomson" <m...@mozilla.com>, "Ehsan Akhgari" <ehsan.akhg...@gmail.com>
Cc: "Chris Peterson" <cpeter...@mozilla.com>, dev-platform@lists.mozilla.org
Sent: Saturday, September 6, 2014 6:28:05 AM
Subject: Re: Restricting gUM to authenticated origins only

On Sat, 6 Sep 2014, at 14:49, Martin Thomson wrote:
> One idea that has been floated
> (https://bugzilla.mozilla.org/show_bug.cgi?id=1002676) is to restrict
> persistent permissions to secure origins. The reasoning there being that
> a persistent grant can be trivially intercepted if you work in the clear.
> That's a real security concern. One that gUM requires.

That sounds interesting. I guess in this case you would want to mark the
permission as session-specific with an expire time of a few hours?

If there is a way to know whether a nsIPrincipal is associated with an
authenticated origin, it should be fairly simple to implement inside
nsPermissionManager. Though, it might require some UI, wouldn't it?

-- Mounir
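
The policy discussed in this thread, modelled as an added example (not code from the thread or from Firefox's nsPermissionManager). The https: check standing in for "authenticated origin", the four-hour expiry, the prompt option names and the PermissionStore class are all assumptions made for the illustration.

```javascript
// Toy model of the proposed policy; every name here is hypothetical.
const SESSION_TTL_MS = 4 * 60 * 60 * 1000; // assumed value for "a few hours"

// Assumption: an "authenticated origin" is approximated as an https: URL.
function isAuthenticatedOrigin(origin) {
  try {
    return new URL(origin).protocol === "https:";
  } catch {
    return false; // unparsable origins are treated as non-secure
  }
}

class PermissionStore {
  constructor() {
    this.grants = new Map(); // key: "origin|type"
  }

  // UI side: non-secure origins are never offered the option to persist.
  promptOptions(origin) {
    return isAuthenticatedOrigin(origin)
      ? ["allow-session", "allow-always", "deny"]
      : ["allow-session", "deny"];
  }

  // A persistent request from a non-secure origin is stored as an
  // expiring session grant instead.
  grant(origin, type, { persistent, now }) {
    const entry = persistent && isAuthenticatedOrigin(origin)
      ? { persistent: true, expires: Infinity }
      : { persistent: false, expires: now + SESSION_TTL_MS };
    this.grants.set(`${origin}|${type}`, entry);
    return entry;
  }

  // Lookup side: a persistent grant already on disk (for example one
  // written before the policy existed) is ignored for non-secure origins.
  test(origin, type, now) {
    const key = `${origin}|${type}`;
    const entry = this.grants.get(key);
    if (!entry) return "prompt";
    if (entry.persistent && !isAuthenticatedOrigin(origin)) return "prompt";
    if (now >= entry.expires) {
      this.grants.delete(key);
      return "prompt";
    }
    return "allow";
  }
}
```

Enforcing the rule in both grant() and test() matters: the prompt can hide the option, but only the lookup check neutralises a persistent entry that is already stored for a non-secure origin.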