On Mon, Mar 26, 2012 at 3:24 PM, ianG <[email protected]> wrote:
> I'm not sure think the average user really understands any of the above.
>  Java?  Flash?

It seems to me (on an anecdotal level) that users are pretty aware of
Flash. Users who have had to install Java to use their bank know about
Java.

Of course, I don't have data about "average". I doubt you have either.

> They are more likely just to click on "enable everything for
> this site!" and move on.

So don't provide that option. Only provide the option to enable
plug-ins of this type on this site. It's rare enough for a single site
to use both Flash and Java, so it makes sense to enable only plug-ins
of one type as part of an "Always do this" command and leave the
others click-to-play as a defense against server compromises leading
to unexpected plug-ins appearing on a perma-authorized site.

-- 
Henri Sivonen
[email protected]
http://hsivonen.iki.fi/
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security

Reply via email to