UGoogle waphulaphula ukugxekwa kwaye wayeka ukukhuthaza i-API ye-Web Environment Integrity, yasusa ukuphunyezwa kwayo kovavanyo kwi-codebase ye-Chromium kwaye yahambisa indawo yokugcina iinkcukacha kwimodi yogcino. Ngelo xesha, iimvavanyo ziyaqhubeka kwi-platform ye-Android kunye nokuphunyezwa kwe-API efanayo yokuqinisekisa indawo yomsebenzisi - I-WebView Media Integrity, ebekwe njengokwandiswa okusekelwe kwiiNkonzo ze-Mobile ze-Google (GMS). Kuxelwa ukuba i-API ye-WebView Media Integrity iya kukhawulelwa kwicandelo le-WebView kunye nezicelo ezinxulumene nokucutshungulwa komxholo wemultimedia, umzekelo, ingasetyenziswa kwizicelo zeselula ezisekelwe kwiWebView yokusasaza iaudio kunye nevidiyo. Akukho zicwangciso zokubonelela ukufikelela kule API ngokusebenzisa isikhangeli.
I-API ye-Web Environment Integrity yenzelwe ukubonelela abanini besayithi ngokukwazi ukuqinisekisa ukuba indawo yomthengi inokuthenjwa ngokukhusela idatha yomsebenzisi, ngokuhlonipha ipropati yengqondo, kunye nokusebenzisana nomntu wangempela. Kwakucatshangelwa ukuba i-API entsha ingaba luncedo kwiindawo apho isayithi kufuneka liqinisekise ukuba kukho umntu wangempela kunye nesixhobo sangempela kwelinye icala, kwaye isiphequluli asilungiswanga okanye sisuleleke nge-malware. I-API isekwe kwitekhnoloji ye-Play Integrity, esele isetyenziswe kwiqonga le-Android ukuqinisekisa ukuba isicelo senziwe kwisicelo esingalungiswanga esifakwe kwikhathalogu ye-Google Play kwaye sisebenza kwisixhobo sokwenyani se-Android.
Ngokuphathelele kwi-Web Environment Integrity API, ingasetyenziselwa ukucoca i-traffic kwi-bots xa ubonisa intengiso; ukulwa ne-spam ethunyelwe ngokuzenzekelayo kunye nokunyusa ukulinganisa kwiintanethi zentlalo; ukuchonga iinkohliso xa ujonga umxholo onelungelo lokushicilela; ukulwa nabaqhathi kunye nabathengi bomgunyathi kwimidlalo ye-intanethi; ukuchonga ukudalwa kwee-akhawunti ze-fictitious by bots; ukubala uhlaselo lokuqikelela igama lokugqitha; ukhuseleko kubuqhetseba, luphunyezwe kusetyenziswa i-malware esasaza imveliso kwiisayithi zokwenyani.
Ukuqinisekisa ubume besikhangeli apho ikhowudi yeJavascript elayishiweyo iphunyezwa khona, iWeb Environment Integrity API icetywayo isebenzisa uphawu olukhethekileyo olukhutshwe ngumntu wesithathu oqinisekisayo (umngqineli), nto leyo enokuthi yona idityaniswe ngekhonkco lentembeko ngeendlela zokulawula ingqibelelo. kwiqonga (umzekelo, i-Google Play) . Ithokheni yenziwe ngokuthumela isicelo kwi-third-party certification server, eyathi, emva kokwenza iitshekhi ezithile, yaqinisekisa ukuba indawo yesikhangeli ayizange iguqulwe. Ukuqinisekisa, i-EME (Izandiso zeMedia ezifihliweyo) zisetyenzisiwe, ezifanayo nezo zisetyenziswa kwi-DRM ukucacisa umxholo wemidiya onelungelo lobunikazi. Kwithiyori, i-EME ayithathi cala kumthengisi, kodwa ekusebenzeni ukuphunyezwa kwezinto ezintathu kuye kwaba yinto eqhelekileyo: iGoogle Widevine (esetyenziswa kwiChrome, Android, kunye neFirefox), iMicrosoft PlayReady (esetyenziswa kwiMicrosoft Edge kunye neWindows), kunye neApple FairPlay (esetyenziswa kwiSafari. kunye neeMveliso zeApile).
Umzamo wokuphumeza i-API ekuthethwa ngayo ikhokelele kwiinkxalabo zokuba inokujongela phantsi ubume obuvulekileyo beWebhu kwaye ikhokelele ekwandeni kokuxhomekeka kwabasebenzisi kubathengisi ngabanye, kunye nokunciphisa kakhulu amandla okusebenzisa ezinye iziphequluli kunye nokwenza nzima ukukhuthazwa kwezinto ezintsha. iibhrawuza kwimarike. Ngenxa yoko, abasebenzisi banokuxhomekeke kwiibhrawuza eziqinisekisiweyo ezikhutshwe ngokusemthethweni, ngaphandle kwazo banokuphulukana namandla okusebenza kunye neewebhusayithi ezinkulu kunye neenkonzo.
umthombo: opennet.ru