Comment by saberience
5 months ago
This seems like a security nightmare, a way to inject insecure content onto everyone's PC which can then automate actions executed with full user/admin privileges?
Why on Earth would I want this?
5 months ago
This seems like a security nightmare, a way to inject insecure content onto everyone's PC which can then automate actions executed with full user/admin privileges?
Why on Earth would I want this?
Entirely executing within the browser sandbox is one way to mitigate this. And that is the current scope of the official w3c proposal for this.
https://github.com/webmachinelearning/webmcp
I attempted to acknowledge the security implications and am not trying to push this as a product/service - this was just a proposal.
Despite it being a proposal, I added token based authentication to mitigate potential abuse by forcing users to intentionally authenticate with a website before it can be used.