A discussion has been raised in web-api list about the security model of
webserial. Feel free to provide your input.
-Alex
On Mon, Aug 4, 2014 at 1:01 AM, Florian Bender <
florian.ben...@quantumedia.de> wrote:
> Am Dienstag, 15. Juli 2014 21:01:19 UTC+2 schrieb somb...@gmail.com:
> > I think an
Am Dienstag, 15. Juli 2014 21:01:19 UTC+2 schrieb somb...@gmail.com:
> I think an important statement for the spec to make is why it needs to
> exist at all? Specifically, it seems like both the WebUSB
> https://bugzil.la/674718 and WebBluetooth https://bugzil.la/674737 specs
> should both be e
Yeah, I think this should work for a first version. We can relax these
restrictions in the future.
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
On Jul 16, 2014 10:34 PM, "Dave Hylands" wrote:
>
> I guess my point is that it isn't always possible to determine what
device is connected. You need to know the correct baud rate,
hardware-flow-control, serial comms to even talk to the device. Some
devices are write-only. Some devices are read-on
uly 16, 2014 11:25:27 AM
> Subject: Re: Intent to implement: webserial api
> On 07/16/2014 02:03 PM, Dave Hylands wrote:
> > But phones, and devices like the Raspberry Pi, and BeagleBone Black, also
> > have "native" serial ports (i.e. non-USB, non-Bluetooth), and the pe
On 07/16/2014 02:03 PM, Dave Hylands wrote:
But phones, and devices like the Raspberry Pi, and BeagleBone Black, also have
"native" serial ports (i.e. non-USB, non-Bluetooth), and the people that use
these types of devices are the very one which are extremely frustrated by the lack of
support
"Daniel Veditz"
> Cc: "dev-platform"
> Sent: Tuesday, July 15, 2014 12:01:19 PM
> Subject: Re: Intent to implement: webserial api
> On 07/13/2014 11:55 AM, Jonas Sicking wrote:
> > Sadly I don't think that is very safe. I bet a significant majority of
On 07/13/2014 11:55 AM, Jonas Sicking wrote:
Sadly I don't think that is very safe. I bet a significant majority of our
users have no idea what a serial port is or what will happen if they allow
a website to connect to it.
Agreed. It seems like the concept users are most likely to reliably
un
On 2014-07-14, 7:22 AM, tzi...@gmail.com wrote:
On Monday, July 14, 2014 2:00:47 PM UTC+3, Gervase Markham wrote:
On 13/07/14 18:35, Vasilis wrote:
Jonas, I would be really interested in your thoughts. Try as we might
(in the WebSerial API docs, at least), noone could actually think of
a
Thank you all for your input. I would like to sum up in order to have a
better overview of what we are looking for.
- Everybody agree that we should provide a restriction level to the api.
- The restriction should be on per web page basic and not per port basic
which will be inefficient.
Ah, sorry for not being too straightforward Erik.
The answer is no (as far as the API design goes, but the implementation should
follow that ofc)
There is actually a very nice image explaining this on our messageboard, but
I'm on my phone so I'll do my best to explain this with a similar exampl
On Mon, Jul 14, 2014 at 4:22 AM, wrote:
> On Monday, July 14, 2014 2:00:47 PM UTC+3, Gervase Markham wrote:
> > On 13/07/14 18:35, Vasilis wrote:
> >
> > > Jonas, I would be really interested in your thoughts. Try as we might
> >
> > > (in the WebSerial API docs, at least), noone could actually t
On Monday, July 14, 2014 2:00:47 PM UTC+3, Gervase Markham wrote:
> On 13/07/14 18:35, Vasilis wrote:
>
> > Jonas, I would be really interested in your thoughts. Try as we might
>
> > (in the WebSerial API docs, at least), noone could actually think of
>
> > a use case where providing access to
On 13/07/14 18:35, tzi...@gmail.com wrote:
> Jonas, I would be really interested in your thoughts. Try as we might
> (in the WebSerial API docs, at least), noone could actually think of
> a use case where providing access to a physical (RS232), or Virtual
> (VirtualUSB or VirtualBluetooth) serial p
>
> Jonas, I would be really interested in your thoughts. Try as we might (in the
> WebSerial API docs, at least), noone could actually think of a use case where
> providing access to a physical (RS232), or Virtual (VirtualUSB or
> VirtualBluetooth) serial port could be a privacy and/or securit
What are you assuming about access to actual USB devices?
-Ekr
On Sun, Jul 13, 2014 at 11:16 AM, Andrew McCreight
wrote:
> - Original Message -
> > Jonas, I would be really interested in your thoughts. Try as we might
> (in the
> > WebSerial API docs, at least), noone could actually t
- Original Message -
> Jonas, I would be really interested in your thoughts. Try as we might (in the
> WebSerial API docs, at least), noone could actually think of a use case
> where providing access to a physical (RS232), or Virtual (VirtualUSB or
> VirtualBluetooth) serial port could be a
Hi guys,
As the guy who originally started the WebSerial API discussion, if i could give
my two cents, I agree with Dave. It's virtually impossible to separate access
per-port. It's all or nothing.
We had this same discussion (actually, long bikesheding) on the WebSerial API
docs as well, but t
On Jul 13, 2014 4:13 AM, "Alexandros Chronopoulos"
wrote:
>
> The basic security model I am thinking of right now is to ask the user
> explicitly. When a website try to open a serial port the user will be
> promoted asking for permissions.
Sadly I don't think that is very safe. I bet a significan
ny serial port.
Dave Hylands
- Original Message -
> From: "Alexandros Chronopoulos"
> To: "Jonas Sicking"
> Cc: "dev-platform"
> Sent: Sunday, July 13, 2014 4:13:44 AM
> Subject: Re: Intent to implement: webserial api
> The basic sec
The basic security model I am thinking of right now is to ask the user
explicitly. When a website try to open a serial port the user will be
promoted asking for permissions. This will happen for any different
port and any different website. The only case not to raise a prompt
would be when a websit
What's the security model for this API?
/ Jonas
On Sat, Jul 12, 2014 at 11:58 AM, Alexandros Chronopoulos
wrote:
> Summary: Webapi to access serial devices through browser. The api will
> provide, to websites, read and write capability from local serial port
> through javascript. Such an impleme
Summary: Webapi to access serial devices through browser. The api will
provide, to websites, read and write capability from local serial port
through javascript. Such an implementation will connect web with
physical devices such as micro controllers, 3d printers etc.
Bug: https://bugzilla.mozilla.
23 matches
Mail list logo
