All valid arguments. And I'm sure I don't know any of the grisly
stories about how Java is/was being used for fraud.
It's a hoist petard situation -- damned if you do -- damned if you don't.
Having Java become suspect as an easy tool for fraud certainly won't do
us developers any good. Yet people object to having their precious fullscreen
so rudely violated.
I'll meander over to the security and awt talklists and see what I can see.
And it's a banner not a status bar...
[EMAIL PROTECTED] wrote:
Hi Ken,
The problem is you have to think of all of this from a different perspective. Don't
think "I'm a nice responsible developer who wants to make a pretty app"...
Think "I'm an identity stealer and I want to fool the user into giving me their
credit cards and other personal information".
A disclaimer for the following text. We aren't security experts here on the
Java2D forum. We just like to draw pretty pictures. I'll give some
clarifications below to make sure you've considered the possibilities that I'm
aware of that led to the creation of the applet banner, but I don't want to
launch into a debate here in this forum on the issues. Probably the best place
to discuss issues related to Java security and windows would be either the AWT
or the security areas. Java2D isn't involved at all in putting the warning up
(we probably don't even render it as it is likely a native component).
What I would suggest is putting a small 16x16 Java icon in the upper left
corner of the full screen window. That's the conventional place for
identification via icons. And perhaps clicking on the icon could escape
fullscreen exclusive mode.
Consider how this looks to a user on an identity stealing page. "Oh, how nice that
these nice folks at PayPalSecurity.NG implemented their Identity Verification page in
Java. Someone should talk to them about their grammar, though - it's atrocious."
There needs to be a clear message that tells uninformed users not to provide any identity
information, not just "this is Java" since few people outside of our developer
communities really understand what Java can do for fraud perpetrators.
The idea of a status bar is not evil. But it should be under the control of
the programmer. The visibility, color, message should be under the control
of the applet.
I'm sure the folks at "SeeNigeria.net" would love to control how that status bar looks.
Perhaps a nice "black text on black background" color scheme would be prettier - tone on
tone is such a big fashion statement these days. ;-)
The status bar could be enabled for other purposes like a menu bar or tool
bar. Then there would be some useful purpose to it that would override the
annoyance factor.
In some sense, "the annoyance factor" is its main advantage when it comes to
security.
Also, there should be a choice of top or bottom or invisible. If invisible,
then show the icon in the upper left corner.
Again, if we don't do this banner, then we need something that is an obstacle
to identity theft. We aren't the experts on these issues here in the Java2D
forum - you should probably raise the discussion as to what the security banner
does and what better or alternate solutions could provide the same benefits on
either the Security or AWT forums...
...jim
[Message sent by forum member 'flar' (flar)]
http://forums.java.net/jive/thread.jspa?messageID=248338
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff JAVA2D-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================