Online Documentation Server
 ÏÎÈÑÊ
ods.com.ua Web
 ÊÀÒÅÃÎÐÈÈ
Home
Programming
Net technology
Unixes
Security
RFC, HOWTO
Web technology
Data bases
Other docs

 


 ÏÎÄÏÈÑÊÀ

 Î ÊÎÏÈÐÀÉÒÀÕ
Âñÿ ïðåäîñòàâëåííàÿ íà ýòîì ñåðâåðå èíôîðìàöèÿ ñîáðàíà íàìè èç ðàçíûõ èñòî÷íèêîâ. Åñëè Âàì êàæåòñÿ, ÷òî ïóáëèêàöèÿ êàêèõ-òî äîêóìåíòîâ íàðóøàåò ÷üè-ëèáî àâòîðñêèå ïðàâà, ñîîáùèòå íàì îá ýòîì.




Previous Table of Contents Next

Chapter 34
Security Issues

Security issues are every surfer’s and homestead’s top concerns when surfing the net or posting homepages to it. There are several flavors of security issues. This chapter deals with those related to protecting your private information such as e-mail address, directory structures, user session history, or objects and properties of a loaded page.

History

Netscape Navigator 2.0 was the first browser to include support for JavaScript. The language provided Intranet managers with some very powerful methods to access user information for beneficial purposes. But JavaScript also allowed hackers to use these methods for not-so-beneficial purposes. They intercepted client computer information such as file directories, user history, and even passwords you may have entered to access secure sites. The trade and even popular press were all over Netscape for compromising users’ privacy and security.

Netscape fixed the problems in two versions. Navigator 2.02 took care of the security problems by taking some capabilities off the release. One could no longer capture visitors’ browser history, local file directory listings, or silent e-mail. Navigator 3.0 is better than Navigator 2.02 in error reporting, and is also more verbose in warning you when a loaded document is about to reveal normally secured information.

e-mail Address Security

Navigator 3.0 warns you when a loaded document is about to reveal normally hidden information, even if the trigger for this action is your own action. A classic example is clicking on a Submit button, which, unless you won’t approve it, will reveal your e-mail address to the site’s author. Figure 34-1 shows the e-mail warning you get in this case:


Figure 34-1.  E-mail warning window pops up when you submit a form.

URL to URL Access Security

When you challenge the security of a URL which resides on a different server, an error message pops up, specifying your script’s URL and the URL of the document you are trying to access without permission. Note that you can still load the document from another domain into any of your windows or frames, but you won’t be able to read any information from this document, including its location properties or form element values. Let’s demonstrate this situation, trying to get the title of Yahoo!’s index page, as shown in Example 34-1.

<HTML>
<HEAD>
<TITLE>Security</TITLE>
<SCRIPT LANGUAGE="JavaScript">
<!--
var URL = "http://www.yahoo.com/index.html"
function openYahoo() {
  win = window.open(URL, "win")
}

function alertTitle() {
  alert(win.document.title)
}

// -->
</SCRIPT>
</HEAD>
<BODY>
<FORM>
<INPUT TYPE="button" VALUE="open Yahoo!" onClick="openYahoo()">

<INPUT TYPE="button" VALUE="display title" onClick="alertTitle()">
</FORM>
</BODY>
</HTML>

Example 34-1 (ex34-1.htm). A script that attempts to access properties of a document on a different server.

The alert() function tries to access the title property of Yahoo!’s window document. Figure 34-2 shows the alert box that pops up with an error message, specifying the URLs of both the script and the document for which its security is being challenged.


Figure 34-2.  When challenging document security, an error message shows the URLs of both the offending script and the document.

The Concept of Tainting

Obviously, the security measures make scripters’ lives difficult, especially if a site consists of multiple servers, and documents from different servers need to interact with each other. Security upon demand is Netscape’s answer to scripters’ needs, and is being achieved by the concept of data tainting. This feature allows the page’s publisher to mark the specific properties he or she wants to secure. Data tainting is turned off by default and you can turn it on from within your script, as will be shown later. When data tainting is enabled, JavaScript in one window can see properties of another window, no matter what server the other window’s document was loaded from. However, the author of the other window taints (marks) property values or other data that should be secure or private, and JavaScript cannot pass these tainted values on to any server without the user’s permission. When data tainting is disabled, a script cannot access any properties. Again, notice that the page’s reader has no control on data tainting; it’s the publisher’s exclusive right. Obviously, data tainting is supported only by tainting-enabled browsers.

Tainting terminology applies to both the page author and the browser. The publisher has tainting control over his or her document. The browser must be manually enabled by the individual browser user before it can recognize that data has been tainted. If the browser does not have data tainting enabled, it just ignores the tainting attributes of the document and the access to the document properties is not allowed.

Values derived from tainted data elements are also tainted. If a tainted value is passed to a function, the return value of the function is tainted. If a string is tainted, any of its substrings is tainted. If a script examines a tainted value in an if, for, or while statement, the script itself accumulates taint in what will be explained later under “taint accumulator.”

Enabling Data Tainting

To enable data tainting, the end user sets the NS_ENABLE_TAINT environment variable as follows:

  • On Unix, use the setenv command in csh, setenv NS_ENABLE_TAINT.
  • On Windows, use set in autoexec.bat or NT user settings, SET NS_ENABLE_TAINT=1. Be sure not to include any spaces around the equal sign. The variable applies to all copies of Navigator 3.0 (for different languages).
  • On Macintosh, edit the resource with type “Envi” and number 128 in the Netscape application, by removing the two ASCII slashes “//” before the NS_ENABLE_TAINT text, at the end of the resource.

NS_ENABLE_TAINT can have any value; “1” will do. If the end user does not enable tainting and a script attempts to access properties of a window on another URL, a message is displayed, indicating that access is not allowed. To determine whether tainting is enabled, use the taint- Enabled() method. The following code executes function1() if data tainting is enabled; otherwise it executes function2():

if (navigator.taintEnabled()) {
   function1()
}
else function2()

Previous Table of Contents Next


With any suggestions or questions please feel free to contact us