Chat& - Detecting User Share Screen Choice for Screen Control Security
Two questions:
1) I realize the “Start Screen Sharing” screen choices cannot be pre-selected for the user, but can that choice be detected after the fact? If screen sharing on behalf of the publisher has begun, can the subscriber detect whether "Desktop," "Window" or "Application" is being shared?
2) I know that the subscriber can close their subscription to the publisher's stream, but can the subscriber sever/close the publisher's share stream, based on whether an "improper" screen portion is being shared? I suppose I could always rig the publisher app to close its own stream, but I wondered if the inverse were possible.
The reason why this is necessary is due to the following possible scenario:
1) User on a web page clicks on a "Connect with a live customer service agent" or some such button, which opens the customer app, and by indirect process, connects them with a customer service rep on the other end.
2) The user is having a lot of problems filling out a web form (or whatever) so the rep asks the customer to share and "co-browse" the user's screen so he can help the user fill out that pesky web form. (screen control, FYI)
3) The rep, being an unscrupulous cad faced with an ignorant user, encourages the user to share their desktop instead of their "window" or "application", thereby granting the rep full access to the user's file system, if only remotely. All manner of mischeif ensues.
If the application were capable of detecting which "screen" the user selected, and if anything other than "Windows" were selected in that screen share dialog, the application would immediately shut down the connection and ask the user to try again. To prevent abuse of the system by the customer service reps, and keep the company lawyers happy 
Is this possible?
Thanks,
Joseph Balderson
Flex & Flash Platform Developer
Have to make this one foolproof for both enterprise users and consumers, so I need to consider all the angles.
Thanks for the feedback Nigel. Owner can shut down the share stream, will look into that thanks.
If I can request that there be a way to expose what option the sharer has selected ("Desktop", "Windows", "Applications") in the share screen dialog, even if indirectly, so the feed could be shut down and the user re-prompted again if the "Desktop" option is chosen, that would greatly help improve security for our application. I don't see how exposing this could be abused; the user still would have the option of clicking cancel on the share screen dialog.
Thanks,
Joseph Balderson
Flex & Flash Platform Developer
Related Conversations
