w3c / tvcontrol-api

TV Control API specification - https://w3c.github.io/tvcontrol-api/

Access to parental control methods #11

Closed chrisn closed 7 years ago

chrisn commented 7 years ago

As currently specified, the setParentalControlPin and setParentalControl methods could easily be brute-forced by a web page to change the PIN or clear the isLocked flag, depending on the complexity of the PIN code set. This may be fine in a device-specific implementation context, but less desirable if the API is accessed from arbitrary web pages. How should these APIs be protected from abuse?

JPEvain commented 7 years ago

Of course the other weak link is the parental control metadata itself, which can probably be easily tampered with.

chrisn commented 7 years ago

Closing this as a duplicate of #23.
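
The brute-force concern raised in the first comment is usually handled by attempt limiting inside the implementation. The sketch below is an added example, not code from the TV Control API specification or its editors: `PinGuard` and `ParentalControl` are hypothetical names, the parameter order of the two methods and their synchronous return values are assumptions, and the clock is injectable so the lockout can be exercised offline.

```javascript
// Added example: hypothetical user-agent-side guard, not code from the TV Control API spec.
class PinGuard {
  constructor(pin, { freeAttempts = 3, baseLockMs = 30000, maxLockMs = 3600000, now = Date.now } = {}) {
    Object.assign(this, { pin: String(pin), freeAttempts, baseLockMs, maxLockMs, now });
    this.failures = 0;     // consecutive wrong guesses across ALL PIN-taking methods
    this.lockedUntil = 0;  // timestamp (ms) before which every attempt is refused
  }

  // Compare every character so timing does not depend on the first mismatch.
  static samePin(a, b) {
    let diff = a.length ^ b.length;
    for (let i = 0; i < Math.max(a.length, b.length); i++) {
      diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // out-of-range NaN coerces to 0
    }
    return diff === 0;
  }

  verify(candidate) {
    const t = this.now();
    // While locked, refuse before comparing: a correct guess must not be distinguishable.
    if (t < this.lockedUntil) return { ok: false, reason: 'locked', retryAfterMs: this.lockedUntil - t };
    if (PinGuard.samePin(this.pin, String(candidate))) {
      this.failures = 0;
      return { ok: true, reason: null, retryAfterMs: 0 };
    }
    this.failures += 1;
    if (this.failures < this.freeAttempts) return { ok: false, reason: 'wrong_pin', retryAfterMs: 0 };
    // Lockout doubles with each further failure, capped at maxLockMs.
    const lock = Math.min(this.baseLockMs * 2 ** (this.failures - this.freeAttempts), this.maxLockMs);
    this.lockedUntil = t + lock;
    return { ok: false, reason: 'locked', retryAfterMs: lock };
  }
}

// Both entry points share ONE guard, so neither can be used to test guesses for the other.
class ParentalControl {
  constructor(pin, opts) {
    this.guard = new PinGuard(pin, opts);
    this.isLocked = true;
  }
  setParentalControl(pin, isLocked) {
    const r = this.guard.verify(pin);
    if (r.ok) this.isLocked = Boolean(isLocked);
    return r;
  }
  setParentalControlPin(oldPin, newPin) {
    const r = this.guard.verify(oldPin);
    if (r.ok) this.guard.pin = String(newPin);
    return r;
  }
}
```

The failure counter lives in the implementation rather than in page-visible state, so reloading or navigating the calling page does not reset it.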