On Mon, Mar 26, 2012 at 3:24 PM, ianG <[email protected]> wrote: > I'm not sure think the average user really understands any of the above. > Java? Flash?
It seems to me (on an anecdotal level) that users are pretty aware of Flash. Users who have had to install Java to use their bank know about Java. Of course, I don't have data about "average". I doubt you have either. > They are more likely just to click on "enable everything for > this site!" and move on. So don't provide that option. Only provide the option to enable plug-ins of this type on this site. It's rare enough for a single site to use both Flash and Java, so it makes sense to enable only plug-ins of one type as part of an "Always do this" command and leave the others click-to-play as a defense against server compromises leading to unexpected plug-ins appearing on a perma-authorized site. -- Henri Sivonen [email protected] http://hsivonen.iki.fi/ _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
