-2

我需要在没有安全警告的情况下从网页捕获图像。

在此处输入图像描述

我需要网络摄像头功能的页面无法切换到 https 协议。我已经安装了根证书并使它们受信任。我试图在页面(http://mypage.com )内插入 iframe (指向安全协议https://mysecurepage.com ) ,但没有奏效。

4

2 回答 2

2

@bjelli 是正确的 - 这是任何互联网内容的主要安全漏洞。试想一下,如果您可以访问一个无需任何权限或通知即可开始拍照/记录一切的网站!

但是,我正在开发一个 Intranet 项目,在该项目中禁用提示将非常安全。如果您处于这种位置-您可以做一件事;

谷歌浏览器政策

如果您正在部署浏览器,您可以覆盖您指定的站点的安全提示。我不知道您是否在这样的环境中工作,但这是您可以一起避免提示的唯一方法。类似的事情也可能适用于其他浏览器。

于 2013-09-20T01:35:51.070 回答
1

As defined in http://www.w3.org/TR/mediacapture-streams/

When the getUserMedia() method is called, the user agent MUST run the following
steps:

[9 steps omitted] 

Prompt the user in a user agent specific manner for permission to provide the
entry script's origin with a MediaStream object representing a media stream.

[...]

If the user grants permission to use local recording devices, user agents are
encouraged to include a prominent indicator that the devices are "hot" (i.e. an
"on-air" or "recording" indicator).

If the user denies permission, jump to the step labeled failure below. If the
user never responds, this algorithm stalls on this step.

If a browser does not behave as described here it is a serious security problem. If you find a way of making a browser skip the "permission" you have found a security problem.

What do you do if you find a security problem?

Report it IMMEDIATELY! Wikipedia: Vulnerability Disclosure

This is not just a question of technical possibilities, it's also a question of professional ethics: what kind of job would I not take on? should I be loyal to my customer or should I think of the welfare of the public? when do I just follow orders, when do I stop bad stuff from happening, when do I blow the whistle?

Here are some starting points for computing professionals to think about the ethics of their work:

于 2013-05-20T05:47:17.513 回答