
Re: [clipboard] Semi-Trusted Events Alternative

From: Jeffrey Walton <noloader@gmail.com>
Date: Sat, 26 Jul 2014 10:09:02 -0400
Message-ID: <CAH8yC8kj+UxeJBS6h5aYLAyVAB2eUCzBuA9g+4TV8hQazZt1Fw@mail.gmail.com>
To: Perry Smith <pedzsan@gmail.com>
Cc: public-webapps@w3.org
On Sat, Jul 26, 2014 at 9:34 AM, Perry Smith <pedzsan@gmail.com> wrote:
>
> On Jul 26, 2014, at 8:26 AM, Jeffrey Walton <noloader@gmail.com> wrote:
>
>> On Sat, Jul 26, 2014 at 9:19 AM, Perry Smith <pedzsan@gmail.com> wrote:
>>> Sorry if this is a lame question but I never understood the dangers of Copy and Paste that the web is trying to avoid.  Can someone explain that to me?
>>>
>> It's a point of data egress. You don't want sensitive information from
>> one program scraped and egressed by another.
>>
>> The first program could be a browser and the second program could be
>> malware. In this case, the malware looks for data placed on the
>> clipboard by the browser (and hopes to get a username, password,
>> sensitive document, etc).
>>
>> Or, it could be another program with the browser scraping the data and
>> hauling it off to a site.
>
> I thought about that.  So it is not so much the Copy and Paste operations as much as being able to get the content of the clipboard?
>
Yes, I believe so. The clipboard is a shared resource with little to
no restrictions.

One of the check boxes on a security evaluation is how a program
handles the clipboard and copy/paste (or at least the ones I used when
doing security architecture work). It's one of those dataflows that
could be part of a higher than expected data sensitivity, like a
single sign-on password.

Also, "data egress" may have been a bad choice. In this case, I think
it's more about "data collection". It's hard to stop a web browser from
opening a socket ;)

Two additional clipboard features that would be nice are: (1) a "one
shot" copy/paste: delete the password from the clipboard after
retrieving it from the password manager and pasting it into a password
box; and (2) "timed" copy/paste: expire the data after 10 seconds or
so. Both should allow the legitimate use cases, and narrow the window
for the abuse cases.

Jeff
Received on Saturday, 26 July 2014 14:09:28 UTC
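
The "one shot" and "timed" features proposed in the message above, modeled as an added example (not part of the original message, and not an existing browser or OS API). The GuardedClipboard class, its oneShot/ttlMs options, the injectable clock and the sample password are hypothetical names constructed for illustration:

```javascript
// Added model of the "one shot" and "timed" clipboard ideas; not a real browser or OS API.
class GuardedClipboard {
  // `now` is an injectable clock (ms) so expiry can be demonstrated deterministically.
  constructor(now = () => Date.now()) {
    this.now = now;
    this.entry = null;
  }

  // oneShot: clear after the first successful read. ttlMs: clear once this many ms have passed.
  write(data, { oneShot = false, ttlMs = Infinity } = {}) {
    this.entry = { data, oneShot, expiresAt: this.now() + ttlMs };
  }

  // Returns the data, or null if nothing is available (empty, consumed or expired).
  read() {
    const e = this.entry;
    if (e === null) return null;
    if (this.now() >= e.expiresAt) {
      this.entry = null;              // timed: expired data is wiped, not just hidden
      return null;
    }
    if (e.oneShot) this.entry = null; // one shot: the first paste consumes it
    return e.data;
  }
}

// Constructed scenario: a password manager copies, the user pastes, a later reader tries too.
function demo() {
  let t = 0;
  const clip = new GuardedClipboard(() => t);
  const out = {};

  clip.write("constructed-password", { oneShot: true });
  out.oneShotPaste = clip.read();     // legitimate paste into the password box
  out.oneShotLater = clip.read();     // any later reader gets nothing

  clip.write("constructed-password", { ttlMs: 10000 });
  t = 3000;
  out.timedPaste = clip.read();       // inside the 10 second window
  out.timedPasteAgain = clip.read();  // timed alone still allows repeated reads
  t = 10000;
  out.timedLater = clip.read();       // window closed, data wiped
  return out;
}

console.log(demo());
```

Neither option decides who reads first; each only shortens how long the data stays readable, which is the narrowing of the window the message describes.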
