- From: Tyler Close <tyler.close@gmail.com>
- Date: Mon, 14 Dec 2009 16:30:15 -0800
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: Adam Barth <w3c@adambarth.com>, Jonathan Rees <jar@creativecommons.org>, "Mark S. Miller" <erights@google.com>, Jonas Sicking <jonas@sicking.cc>, Arthur Barstow <Art.Barstow@nokia.com>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On Mon, Dec 14, 2009 at 3:04 PM, Maciej Stachowiak <mjs@apple.com> wrote: > > On Dec 14, 2009, at 2:38 PM, Adam Barth wrote: > >> On Mon, Dec 14, 2009 at 2:13 PM, Tyler Close <tyler.close@gmail.com> >> wrote: >>> >>> For example, the >>> User Consent Phase and Grant Phase above could be replaced by a single >>> copy-paste operation by the user. >> >> Any design that involves storing confidential information in the >> clipboard is insecure because IE lets arbitrary web sites read the >> user's clipboard. You can judge that to be a regrettable choice by >> the IE team, but it's just a fact of the world. > > Information that's copied and pasted is highly likely to leak in other ways > than just the IE paste behavior. For example, if it looks like a URL, users > are likely to think it's a good idea to do things like share the URL with > their friends, or to post it to a social bookmark site, or to Twitter it, or > to send it in email. Even if it does not look like a URL, users may think > they need to save it (likely somewhere insecure) so they don't forget. I think the user would only be tempted to post the URL to the world if the returned representation was interesting to talk about. That doesn't need to be the case. In any case, like I said earlier, if you think copy-paste is evil, I've provided alternate designs that avoid it. --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
Received on Tuesday, 15 December 2009 00:30:49 UTC