On Jul 13, 2014 4:13 AM, "Alexandros Chronopoulos" <achro...@gmail.com> wrote: > > The basic security model I am thinking of right now is to ask the user > explicitly. When a website try to open a serial port the user will be > promoted asking for permissions.
Sadly I don't think that is very safe. I bet a significant majority of our users have no idea what a serial port is or what will happen if they allow a website to connect to it. This problem is severe enough that in FirefoxOS we are relying on marketplace review and using application signing before granting access to hardware ports like this. This sucks in many ways, but at least offers some level of protection for users. Another option is to have this disabled by default and require that users dig deep into settings to enable it on a per-website basis. This also has obvious disadvantages. I would encourage you to reach out to the security team to figure out as good of a solution as possible. A good person to start with is Dan Veditz. / Jonas _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
