# Friday, 03 August 2007

As I stated before in my post about Citibank's INSANE security features, sometimes being TOO secure just ends up frustrating the users. Here's another example of security that *might* be a bit too much.

A Silverlight plugin is able to go into fullscreen mode and basically fully take over the display of your system. Therefore, in order to ensure that people aren't able to easily spoof you into thinking you're actually visiting your bank's website or anything like that... well, I'll just paste the paragraph from the docs.

> Once a Silverlight plugin is displayed in full-screen mode, keyboard events are prevented from being passed on to keyboard event handlers in the application. The only valid keyboard input that is acted upon is the set of keystrokes that return the Silverlight plugin to embedded mode. This limitation of keyboard input during full-screen mode is a security feature, and is intended to minimize the possibility of unintended information being entered by a user.

In English, it basically means that when the Silverlight plugin is in fullscreen mode, all keyboard input is disabled. Drastic? YES. The scary part about this is that I actually think it's a GOOD idea, because it basically means the user won't be presented with a screen where they think they're logging into the bank and then just merrily key in their username and password.

Yes, they could just present the user with a soft keyboard, but hopefully the users are smart enough to realise that their keyboard isn't working at all, so something must be up.

Would you rather there be a constant watermark when Silverlight is in fullscreen mode to tell people they're viewing a plugin and not their actual desktop?
