Difference between revisions of "Crypto API"
From MgmtWiki
(→Problems) |
|||
| Line 9: | Line 9: | ||
* Any web site can download a [[Progressive Web App]] for use whether or not the user chooses to "install" it and thereby pretend to be the user. | * Any web site can download a [[Progressive Web App]] for use whether or not the user chooses to "install" it and thereby pretend to be the user. | ||
* If a wallet is installed by a web site, there is no way for another site to use it by sharing cookies as that has been blocked since 2022. | * If a wallet is installed by a web site, there is no way for another site to use it by sharing cookies as that has been blocked since 2022. | ||
| + | * There is no reason for the user or any other party to trust the app as it is not known who installed the app or why. | ||
==References== | ==References== | ||
Revision as of 12:47, 10 March 2022
Full Title or Meme
The ability of any Progressive Web App to access cryptography engines on the device.
Context
Problems
- Any web site can download a Progressive Web App for use whether or not the user chooses to "install" it and thereby pretend to be the user.
- If a wallet is installed by a web site, there is no way for another site to use it by sharing cookies as that has been blocked since 2022.
- There is no reason for the user or any other party to trust the app as it is not known who installed the app or why.
References
- Also see this wiki page PWA initiators for implementing in a Progressive Web App page.
