The plug-in rewriting URL approach is dangerous.... One of the most severe problems that might be caused by using plug-ins in browsers results from the fact that browsers are not the only technology to make use of URLs. If users find that a URL works in one technology (e.g. browser with plug-in) they may reasonably assume that the URL will work everywhere. If such an assumption is made then the following will be likely points of failure. 1) Links in a web page will fail for browsers without a plug-in 2) Links that are transferred to other technologies may fail. e.g. within PDFs, or emails 3) “Plug-in” domains will not be valid for email addresses (unless the all the email clients get a matching plug-in) 4) Additional confusion will occur if Internationalised TLDs are eventually introduced and they do not precisely match the rules created by the plugin. 5) If International TLDs have the same name as any used by a plug-in, then users with the plug-ins installed will be unable to reach the internationalised TLD. e.g. there is a plugin that maps .CM to .com . if .CM is ever allowed, it will be masked by a plug-in redirecting it to the .com . This opens up a range of phishing opportunities. 6) If the plug-ins can be updated from external “reference” sources, there is potential for them to be used directly for phishing, by directing users to a phishing site set up on a different top-level domain. In short, although such plug-ins may appear helpful in the short term, they may severely disadvantage their users in the future.
Received on Tuesday, 7 August 2007 14:23:05 UTC