In http://msdn.microsoft.com/en-us/library/cc189023(v=vs.95).aspx , What security issues may have if NOT disable events below?
When a Silverlight-based application is in full-screen mode, most keyboard events are disabled. This limitation of keyboard input during full-screen mode is a security feature, and is intended to minimize the possibility of unintended information being entered by a user. In full-screen mode, the only input allowed is through the following keys:
UP ARROW
DOWN ARROW
LEFT ARROW
RIGHT ARROW
SPACEBAR
TAB
PAGE UP
PAGE DOWN
HOME
END
ENTER
One of the things you could do when running full screen is spoofing (immitating) a (windows) log-in box to gather user names and passwords.
By disabling all other keys (other than the ones listed) even when the log-in UI is spoofed the user will not be able to enter his credentials.
EDIT
BTW: you do not need to disable the listed events/keys because there are hardly any security issues involved with these keys. If there is such an issue chances are you will need to disable the mouse too because these keys are very comparable to what can be done by using the mouse.
Related
So, we have a .net 5.0 wpf application which on startup loads a window containing a cef browser. The browser then loads our login form. The application is running on win 10 64 bit machines exclusively. This has worked without a problem for the past 6 months. Yesterday i installed the application on one of our customers' laptops. The installation went down without a hitch, but after the cef browser loaded the login form I was unable to interact with the input fields. By that I mean that if I put my cursor above the text field my cursor changes shape, but upon clicking no cursor would appear inside the text field and anything I typed wouldn't appear in the text filed. Clicking the Login button didn't have the expected effect of telling me that I am missing username and password, instead it moved the trigger areas of all input elements downward while they were still being rendered at the same position as before.
This problem is exclusive to this one machine. All other machines running the application aren't experiencing and never have experienced anything like this so i'm not expecting it to be a bug within cefsharp.
My question is if anyone has had a similar issue or any idea how to workaround it.
CefSharp version being used is 94.4.110.
I need to open alphanumeric google keyboard in Hybrid android application. That particular keyboard is generally come for password field for any android devices. I need a solution for kiosk application. Need to active this alphanumeric keyboard on my kiosk application .
Few details related query.
Using android-19 Kitkat
This the kiosk application specific devices not general android device.
Hybrid application using Apache Corodva.
Need to activate this particular keyboard for all Address fields(text-field).
😎
Do you have that keyboard installed and selected on device ? if yes,
you can open it by one of these ways programmatically:
Forcing the Soft Keyboard open
If you want to select an installed keyboard programatically and your
app has system privileges, use this solution to switch keyboards (
activation ), Take a look on : https://stackoverflow.com/a/33999658/2267723
Since your using Apache Corodva, you could ship a virtual keyboard
(as html5 ) to app. Take a look on
https://mottie.github.io/Keyboard/ to app and when user enters
input, just call back your app with href with mimetype which is
recognized by app.
Other solutions:
Create on-screen keyboard ( Im not talking about custom keyboard )
its just layout as grid of buttons represents inputs.
Attach a physical Bt/USB keyboard.
Use a QR code . that would lead user to web where user can fill that form .. That would be free machine soon 🙂
Our application is a one-page application created using ExtJs. For any user action, the browser tab is never reloaded and all the actions are performed using ajax. A user can open/close multiple ExtJs windows/panels within the same browser tab, and this way everything remains confined to the same browser tab.
Now, we need to integrate payment gateway in the application, which involves redirecting the user to the bank website and having her brought back to our application.
The issue is that when browser redirects the user, then all the application javascript code along with panels and windows get destroyed, and when the user comes back to the application then she finds it to be different from one she left.
As a solution to this, we were thinking of using following two appraoches:
Option 1. Maintaining the state of application - When user leaves for the bank's website then somehow we maintain the state of application - like which windows are opened carrying what data, which variables have which values etc.. and when user returns back, we generate the same application state for her.
Option 2. Have a browser pop-up window for payment gateway - We intend to provide a button which will open a small pop-up window carrying the transaction details, and in this pop-up window the entire payment gateway process will take place taking care of redirection and everything.
Option 1 is proving to be very cumbersome and complicated as maintaining the exact state is not getting feasible.
For Option 2, we are not sure if this is safe and possible?
Has anyone implemented such an approach earlier. Otherwise, what are the other options which we can go for?
Thanks for any help in advance.
I faced the problem and I implemented it using websocket/polling in the main application while a new window pops up for the payment.
After the payment is successful the main application will be notified.
That way each payment runs in it own sandbox totally unbound from the main application which makes maintenance quite easy. Note that our backend create a new session for each payment using the existing one.
I think it is not uncommon to open new windows for payment that's why I decided to go this.
Is it possible to tell an out-of-browser Silverlight app to run in kiosk mode?
I can set it to full screen, but can we disable keystrokes that would allow a user with a keyboard to interact with Windows i.e. ctrl+alt+del, alt+tab, ctrl+esc etc.?
This is for an app that will run in full screen on a touchscreen tablet, most of the time there won't be a keyboard on-screen, but there is a Connect to Facebook function that will pop-up a keyboard for them to use to log-in.
You need to install your application as a trusted Silverlight application. See reference:
http://msdn.microsoft.com/en-us/library/cc189023(v=vs.95).aspx
Full-Screen Mode with Trusted Applications
The full-screen message, user-initiation requirement, keyboard restrictions, and dialog-box restrictions do not apply to trusted applications. Additionally, trusted applications do not display the user-consent dialog box when using the StaysFullScreenWhenUnfocused setting.
In trusted applications, you can enter full-screen mode in a Application.Startup or FrameworkElement.Loaded event handler. However, you must do so by setting the IsFullScreen property in a delegate passed to the Dispatcher.BeginInvoke method.
Because the ESC key has no built-in effect for trusted applications, you can use it for your own purposes. In this case, you should implement and document an alternative so that users can exit full-screen mode.
Our application uses a webbrowser control on a form to navigate to our website when a certain action is performed on our 'text-based' legacy application.
All was fine in IE5, 6 and 7 but now it appears IE8 shares session cookies not only between tabs in the same intance but also between all instances. This is a major bother if a user wants to have two separate instances looking at different client details at the same time.
One can disable the latter behaviour by starting IE with the command line switch -nomerge.
Does anybody know how we can achieve the same effect programatically with the WebBrowser control?
Thanks in advance chaps.