You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As currently specified, the setParentalControlPin and setParentalControl methods could easily be brute-forced by a web page to change the PIN or clear the isLocked flag, depending on the complexity of the PIN code set. This may be fine in a device-specific implementation context, but less desirable if the API is accessed from arbitrary web pages. How should these APIs be protected from abuse?
The text was updated successfully, but these errors were encountered:
As currently specified, the
setParentalControlPin
andsetParentalControl
methods could easily be brute-forced by a web page to change the PIN or clear theisLocked
flag, depending on the complexity of the PIN code set. This may be fine in a device-specific implementation context, but less desirable if the API is accessed from arbitrary web pages. How should these APIs be protected from abuse?The text was updated successfully, but these errors were encountered: