Talk:Features/Social Help: Difference between revisions
→No URL entry box leads to insecurity: new section |
|||
| Line 29: | Line 29: | ||
:Not possible in an activity, apparently. This is done in the [[Activities/Help|Help]] activity, and the mapping from bundle id to HTML file is also held there. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 22:09, 25 May 2015 (EDT) | :Not possible in an activity, apparently. This is done in the [[Activities/Help|Help]] activity, and the mapping from bundle id to HTML file is also held there. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 22:09, 25 May 2015 (EDT) | ||
== No URL entry box | == No URL entry box, URL spoofing == | ||
The embedded browser used by this feature does not show an entry box for the URL. This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:19, 26 May 2015 (EDT) | The embedded browser used by this feature does not show an entry box for the URL. This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another. | ||
Are there any controls in place to mitigate this? Such as restricting the browser to the configured server. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:19, 26 May 2015 (EDT) | |||
References: | References: | ||
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html | * http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html | ||
* http://en.wikipedia.org/wiki/Spoofed_URL | * http://en.wikipedia.org/wiki/Spoofed_URL | ||