[whatwg] Need UNIFIED UI for web browser plugin security settings. from Biju on 2009-07-04 (public-whatwg-archive@w3.org from July 2009)

From: Biju <bijumaillist@gmail.com>
Date: Sat, 4 Jul 2009 16:55:32 -0400
Message-ID: <4a27dd80907041355v118ad52fua2ce26095a40c698@mail.gmail.com>

A web browser with plugin is supposed to work as a seamless integrated
single system.
But they are not for security setting UI. Each comes up with their own
UI to confuse users.

Example:-
1. Adobe PDF reader
I have disabled "mailto" URL handler in my firefox setting.
But if click "mailto" URL in an embedded PDF on a webpage viewed using
an Adobe PDF reader plugin, it launches.

2. OpenOffice.org
Firefox by default disabled file:// URL from a internet/intranet webpage.
But a file URL from a link on an embedded OpenOffice document will launch.
OOo will even launch a file:// URL for an EXECUTABLE.
Will it launch remote http:// URL for an executable, I need to check it.

3. Adobe Flash player
Flash player comes with a cute little screen for security control.
So if a child is browsing a site with flash,
it is very tentative for them to change setting if the security control popsup.


4. Sun Java
Java comes with MODAL security settings screen.
Asking "Do you trust?" like the MicroSoft ActiveX
With no indication for what to trust.
And people always press the easy button without reading fully on a MODAL screen.

So in browsers, we need a UNIFIED UI for plugin security settings.
1. Plugin makers should use browser UI, and not their own.
2. It should not be cute.
3. It should not be MODAL
4. It must be specific.
5. It should explain what site is can/about to do.

Here is sample of possible options
1. Do you want to allow www.example.com to read local files
   [ ] No
   [ ] Just c:\file\path\filename.ext
   [ ] Any file under folder c:\file\  <change folder>
          [ ] remember settings

2. Do you want to allow www.example.com to write on local drive
   [ ] No
   [ ] Just c:\file\path\filename.ext
   [ ] Any file under folder c:\file\  <change folder>
          [ ] remember settings

3. Do you want to allow www.example.com to access camera
   [ ] No
   [ ] Still picture
   [ ] take Video

   Which cameras
      [ ] camera 1
      [ ] camera 2
      [ ] camera 3

          [ ] remember settings


4. Do you want to allow www.example.com to access Microphone
   [ ] No
   [ ] Yes
          [ ] remember settings


5. Do you want to allow application from www.example.com to access
other sites, including intranet
   [ ] No
   [ ] Yes
          [ ] remember settings


6. Do you want to allow application from www.example.com to run on
your system like a server, ie by accessing the system TCP/IP port
   [ ] No
   [ ] Yes
          [ ] remember settings

Received on Saturday, 4 July 2009 13:55:32 UTC