We're developing a web-based app that need microphone and camera permission to operate. Once the user rejects those permissions (even unintentionally) there is currently no way or at least we don't see it to prompt different browsers to again display the permissions box and to overwrite the existing choices that were made.
What are the options here to somehow force the browser or to circumvent the settings so the user can give the permission?
The problem with the users is that they simply don't know how to deal with this kind of browser options.
You could try to make the user very aware that their choice is important so maybe they will not deny the request?
Related
According to the MSAL documentation, the redirect method is recommended if you want to support IE or if users have browser constraints or policies where pop-ups windows are disabled.
You can't use both the pop-up and redirect methods in your
application. The choice between a pop-up or redirect experience
depends on your application flow:
If you don't want users to move away from your main application page during authentication, we recommended the pop-up method. Because the authentication redirect happens in a pop-up window, the state of the main application is preserved.
If users have browser constraints or policies where pop-ups windows are disabled, you can use the redirect method. Use the redirect method with the Internet Explorer browser, because there are known issues with pop-up windows on Internet Explorer.
Based on that, I can't imagine why anyone would want to use the popup experience since it may block users who have popups disabled from signing in. Seems like this is available only for web apps that are run in a very controlled environment. Is there something I'm missing?
One common reason to choose popups over redirects is that redirects can only be used in the top frame of your application. If your application is rendered in an iframe, popups are your only option for interactive auth. Besides that limitation, it's mostly a UX decision.
Apart from all the other typical security best practices I'm wondering about this, since I lately read some articles talking about how browser extensions can spy anything their user does. So that we shouldn't trust them.
Therefore in order to give users and additional layer of protection should I process all users credential and sensitive info inside an iframe inside my webpages?
Can content inside a sandboxed iframe be read/spied by browser
extensions?
Yes
Could I use iframe to secure user credentials?
Quick answer, no.
When a user installs a chrome extension the extension can do basically anything in the website to access the user credentials. The extension has also access to the iframes that the page generates.
My proposed solutions to overcome this two issues and keep the website feel "secure" are the following:
If the end goal is to secure the content that your user will put in the website, and by no mean you want to let the user put content if there are other kind of extensions running in the page, what you can put is some kind of pop up in the page blocking the access to the user until he is accessing the website without extensions.
Another solution you could propose to the user is to go incognito mode, as there are many options to disallow extensions in incognito without having to force him to uninstall all of the extensions that he has on his browser. This could also make less users leave your page, as if you force him to uninstall of the extensions on his browser it might make him leave your page if it's not a clear enough reason for him.
If you do know which are the extensions that shouldn't be blocked or prevented because they are harmful or known to have some kind of shady behaviour, what you can do is checkout if the user has them installed with this solution Checking if user has a certain extension installed and then print a message to him saying he can't continue until he uninstalls those extensions.
I was wondering if it's possible to capture a screenshot and/or record my computer screen(s) via a website?
If it is possible, what languages would I need to learn/code? I already have intermediate knowledge of HTML, CSS, JavaScript, jQuery, and PHP.
In other words: I want to have the ability to capture/record my screen (not the website) via using a website (not an application).
Thanks!
This is not possible. Web sites are very deliberately given only restricted access to your computer for security reasons. Imagine the havoc that could result if a malicious web site were able to see and capture what was on your screen--banking information, your confidential e-mails, etc. Even if the user had to give permission for this level of access, it would still be way too easy to trick a user into giving that permission.
The closest I could find/think of was http://www.screencast-o-matic.com/screen_recorder, but even then you have to download a launch plugin. I agree with #DLH. This is for your protection.
My favorite screen recorder is ScreenPresso - it is always running in background, and repurposed the PrtScn button as its launch key.
I know I can set permissions of a j2me application before launching it ask first time or whatever for SMS, Read and Write. What I want to do is how can I access these options after launching the application from inside the app (no matter yet my app is not signed). I just want to get access to these permissions pragmatically, I tried to see few examples but they differ a lot, does anybody know about this? Thanks
Figured it out that it's not possible to get permissions settings inside J2me application, the best and only solution is to SIGN your application and on start it will ask for permissions.
We have a .Net application that is used for editing/rendering customized HTML documents. It is hosted in IE using the AxSHDocVw.AxWebBrowser controls. We proceed with navigating to "about:blank" page initially then we change the Document by writing our custom values into it. The problem we are facing is the call to IHTMLTxtRange.execCommand("Copy",false,null) is failing if we don't enable the IE Security Settings in the Internet Security zone (Scripting->Allow Programmatic Access to Clipboard ).
In order to bypass the security setting ,I tried to point to a local html file initially while navigating. But this fails as soon as I modify the Document.
I want to use the IHTMLTxtRange.execCommand("Copy",false,null) command so that I can customize our Copy/Paste operations.
Is there any other way I can do this.
Please share your ideas inorder to overcome this situation.
Thanks.
Sriram
Try implement IInternetSecurityManager on your webbrowser control host, handle URLACTION_SCRIPT_PASTE in ProcessUrlAction.
Note there is a bug in earlier versions of IE that causes the webbrowser to ignore host's URLACTION_SCRIPT_PASTE handling.
As far as I know, there is no way to do that without user permission. Its a security/privacy loophole to allow access to clipboard, and its natural that browsers are protective about it.
You have already tried out ActiveX, and it doesn't work
With Flash, you can interact with system clipboard - but only if its a part of an event handler. See Flash Player 10 Security.
Javascript doesn't expose a way to access the clipboard.
Not sure about silverlight, but I am guessing it would also restrict access to clipboard.
In short, the user has to explicitly give your application/website permission to access clipboard.