1,285
edits
Changes
Jump to navigation
Jump to search
Line 29:
Line 29: − + − + + +
→No URL entry box leads to insecurity
:Not possible in an activity, apparently. This is done in the [[Activities/Help|Help]] activity, and the mapping from bundle id to HTML file is also held there. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 22:09, 25 May 2015 (EDT)
:Not possible in an activity, apparently. This is done in the [[Activities/Help|Help]] activity, and the mapping from bundle id to HTML file is also held there. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 22:09, 25 May 2015 (EDT)
== No URL entry box leads to insecurity ==
== No URL entry box, URL spoofing ==
The embedded browser used by this feature does not show an entry box for the URL. This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:19, 26 May 2015 (EDT)
The embedded browser used by this feature does not show an entry box for the URL. This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another.
Are there any controls in place to mitigate this? Such as restricting the browser to the configured server. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:19, 26 May 2015 (EDT)
References:
References:
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
* http://en.wikipedia.org/wiki/Spoofed_URL
* http://en.wikipedia.org/wiki/Spoofed_URL