1,286
edits
Changes
Jump to navigation
Jump to search
Line 32:
Line 32: − − It is possible to escape the configured server; log in, click on search icon, click on help, a search via Google entry box is shown, and the Google search results can be navigated. There is no back button, so if you reach a page that has no links you must close help and open it again. − − Should the browser be restricted to the configured server. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:31, 26 May 2015 (EDT) + + + +
→No URL entry box, URL spoofing
The embedded browser used by this feature does not show an entry box for the URL. This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another.
The embedded browser used by this feature does not show an entry box for the URL. This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another.
References:
References:
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
* http://en.wikipedia.org/wiki/Spoofed_URL
* http://en.wikipedia.org/wiki/Spoofed_URL
On Sugar 0.105.1 it is possible to escape the configured server; log in, click on search icon, click on help, a search via Google entry box is shown, and the Google search results can be navigated. There is no back button, so if you reach a page that has no links you must close help and open it again.
Should the browser be restricted to the configured server? --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:31, 26 May 2015 (EDT)