
[widgets] View modes security considerations

From: David Rogers <david.rogers@omtp.org>
Date: Tue, 3 Nov 2009 02:10:02 -0000
Message-ID: <4C83800CE03F754ABA6BA928A6D94A0601E5F330@exch-be14.exchange.local>
To: "public-Webapps@w3.org WG" <public-webapps@w3.org>
Hi there,


As promised and discussed this afternoon, some basic text for a Security
Considerations section in the widgets view modes spec:




Security Considerations


Implementers of this specification are asked to take into account and
design appropriate measures to deal with the following points for the
purpose of user security:


Widgets could be intentionally designed to visually dupe or confuse the
user for social engineering purposes. Some methods that could be used to
do this could be:


* widgets that the user cannot see (full-screen invisible
  widgets in front of other things on the screen, such as a PIN-code

* widgets that have a size smaller than the user can reasonably
  see (e.g. a 0.00001 x 0.00001 widget)

* widgets that have no chrome that could masquerade as some
  other existing object on the screen (for example a lock and key)

David Rogers
OMTP Director of External Relations 

Received on Tuesday, 3 November 2009 02:10:49 UTC
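
As an added illustration (not part of the original message and not taken from any W3C specification), a widget runtime could screen each widget's rendering state against the three cases listed in the proposed text before showing it. The `reviewWidget` function, the field names `rect`, `opacity` and `chrome`, and every threshold are hypothetical.

```javascript
// Added example: hypothetical host-side screening of a widget's rendering state.
// Field names (rect, opacity, chrome) and all thresholds are assumptions.
const POLICY = { minSidePx: 24, minOpacity: 0.5, maxChromelessCoverage: 0.5 };

const area = (r) => Math.max(0, r.w) * Math.max(0, r.h);

// Intersection of two axis-aligned rectangles; zero width/height if disjoint.
function intersect(a, b) {
  const x = Math.max(a.x, b.x), y = Math.max(a.y, b.y);
  const w = Math.min(a.x + a.w, b.x + b.w) - x;
  const h = Math.min(a.y + a.h, b.y + b.h) - y;
  return { x, y, w: Math.max(0, w), h: Math.max(0, h) };
}

// Returns a list of findings; an empty list means nothing was flagged.
function reviewWidget(widget, screen, sensitiveRegions, policy = POLICY) {
  const findings = [];
  const shown = intersect(widget.rect, screen); // part actually on screen
  const hardToSee = widget.opacity < policy.minOpacity;
  // Case 2: smaller than a user can reasonably see.
  if (shown.w < policy.minSidePx || shown.h < policy.minSidePx) findings.push("too-small");
  // Case 1: present but effectively invisible.
  if (hardToSee) findings.push("low-opacity");
  // Cases 1 and 3: sits in front of a sensitive control while invisible
  // or while drawing no chrome that would mark it as a widget.
  for (const region of sensitiveRegions) {
    const overlaps = area(intersect(shown, region.rect)) > 0;
    if (overlaps && (hardToSee || !widget.chrome)) findings.push(`overlays:${region.name}`);
  }
  // Case 3: chromeless widget large enough to repaint most of the screen.
  if (!widget.chrome && area(shown) / area(screen) > policy.maxChromelessCoverage) {
    findings.push("chromeless-large");
  }
  return findings;
}

// Constructed sample data (not from the original message).
const SCREEN = { x: 0, y: 0, w: 480, h: 800 };
const SENSITIVE = [{ name: "pin-entry", rect: { x: 40, y: 300, w: 400, h: 200 } }];
const SAMPLES = {
  invisibleFullScreen: { rect: { x: 0, y: 0, w: 480, h: 800 }, opacity: 0, chrome: false },
  tiny: { rect: { x: 10, y: 10, w: 0.00001, h: 0.00001 }, opacity: 1, chrome: true },
  ordinary: { rect: { x: 20, y: 20, w: 200, h: 150 }, opacity: 1, chrome: true },
};

for (const [name, w] of Object.entries(SAMPLES)) {
  console.log(name, reviewWidget(w, SCREEN, SENSITIVE));
}
```

A runtime could use the findings to refuse the requested view state or to force visible chrome on the widget.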
