Hi Ken,

The problem is you have to think of all of this from a different perspective.  
Don't think "I'm a nice responsible developer who wants to make a pretty app"...

Think "I'm an identity stealer and I want to fool the user into giving me their 
credit cards and other personal information".

A disclaimer for the following text.  We aren't security experts here on the 
Java2D forum.  We just like to draw pretty pictures.  I'll give some 
clarifications below to make sure you've considered the possibilities that I'm 
aware of that led to the creation of the applet banner, but I don't want to 
launch into a debate here in this forum on the issues.  Probably the best place 
to discuss issues related to Java security and windows would be either the AWT 
or the security areas.  Java2D isn't involved at all in putting the warning up 
(we probably don't even render it as it is likely a native component).

> What I would suggest is putting a small 16x16 Java icon
> in the upper left corner of the full screen window.  That's
> the conventional place for identification via icons.  And
> perhaps clicking on the icon could escape fullscreen
> exclusive mode.

Consider how this looks to a user on an identity stealing page.  "Oh, how nice 
that these nice folks at PayPalSecurity.NG implemented their Identity 
Verification page in Java.  Someone should talk to them about their grammar, 
though - it's atrocious."

There needs to be a clear message that tells uninformed users not to provide 
any identity information, not just "this is Java" since few people outside of 
our developer communities really understand what Java can do for fraud 
perpetrators.

> The idea of a status bar is not evil.  But it should
> be under the control of the programmer.  The visibility,
> color, message should be under the control of the
> applet.

I'm sure the folks at "SeeNigeria.net" would love to control how that status 
bar looks.  Perhaps a nice "black text on black background" color scheme would 
be prettier - tone on tone is such a big fashion statement these days.  ;-)

> The status bar could be enabled for other
> purposes like a menu bar or tool bar. Then there would be some
> useful purpose to it that would override the
> annoyance factor.

In some sense, "the annoyance factor" is its main advantage when it comes to 
security.

> Also, there should be a choice of top or bottom
> or invisible.  If invisible, then show the icon in the upper
> left corner.

Again, if we don't do this banner, then we need something that is an obstacle 
to identity theft.  We aren't the experts on these issues here in the Java2D 
forum - you should probably raise the discussion as to what the security banner 
does and what better or alternate solutions could provide the same benefits on 
either the Security or AWT forums...

...jim
[Message sent by forum member 'flar' (flar)]

http://forums.java.net/jive/thread.jspa?messageID=248338
