Changes

Jump to navigation Jump to search
Line 29: Line 29:  
:Not possible in an activity, apparently.  This is done in the [[Activities/Help|Help]] activity, and the mapping from bundle id to HTML file is also held there. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 22:09, 25 May 2015 (EDT)
 
:Not possible in an activity, apparently.  This is done in the [[Activities/Help|Help]] activity, and the mapping from bundle id to HTML file is also held there. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 22:09, 25 May 2015 (EDT)
   −
== No URL entry box leads to insecurity ==
+
== No URL entry box, URL spoofing ==
   −
The embedded browser used by this feature does not show an entry box for the URL.  This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:19, 26 May 2015 (EDT)
+
The embedded browser used by this feature does not show an entry box for the URL.  This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another.
 +
 
 +
Are there any controls in place to mitigate this?  Such as restricting the browser to the configured server. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:19, 26 May 2015 (EDT)
    
References:
 
References:
 
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
 
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
 
* http://en.wikipedia.org/wiki/Spoofed_URL
 
* http://en.wikipedia.org/wiki/Spoofed_URL

Navigation menu