W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

[widgets] View modes security considerations

From: David Rogers <david.rogers@omtp.org>
Date: Tue, 3 Nov 2009 02:10:02 -0000
Message-ID: <4C83800CE03F754ABA6BA928A6D94A0601E5F330@exch-be14.exchange.local>
To: "public-Webapps@w3.org WG" <public-webapps@w3.org>
Hi there,

 

As promised and discussed this afternoon, some basic text for a Security
Considerations section in the widgets view modes spec:

 

 

"

Security Considerations

 

Implementers of this specification are asked to take into account and
design appropriate measures to deal with the following points for the
purpose of user security:

 

Widgets could be intentionally designed to visually dupe or confuse the
user for social engineering purposes. Some methods that could be used to
do this could be:

 

*         widgets that the user cannot see (full-screen invisible
widgets in front of other things on the screen, such as a PIN-code
entry)

*         widgets that have a size smaller than the user can reasonably
see (e.g. a 0.00001 x 0.00001 widget)

*         widgets that have no chrome that could masquerade as some
other existing object on the screen (for example a lock and key)

"

 

Thanks,

 

 

 

David.

 

 

David Rogers
OMTP Director of External Relations 

 
Received on Tuesday, 3 November 2009 02:10:49 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:35 GMT