Chapter 34
Security Issues
Security issues are every surfer’s and homestead’s top concerns when surfing the
net or posting homepages to it. There are several flavors of security issues. This chapter
deals with those related to protecting your private information such as e-mail address,
directory structures, user session history, or objects and properties of a loaded page.
History
Netscape Navigator 2.0 was the first browser to include support for JavaScript. The
language provided Intranet managers with some very powerful methods to access user
information for beneficial purposes. But JavaScript also allowed hackers to use these
methods for not-so-beneficial purposes. They intercepted client computer information such
as file directories, user history, and even passwords you may have entered to access
secure sites. The trade and even popular press were all over Netscape for compromising
users’ privacy and security.
Netscape fixed the problems in two versions. Navigator 2.02 took care of the security
problems by taking some capabilities off the release. One could no longer capture
visitors’ browser history, local file directory listings, or silent e-mail. Navigator
3.0 is better than Navigator 2.02 in error reporting, and is also more verbose in warning
you when a loaded document is about to reveal normally secured information.
e-mail Address Security
Navigator 3.0 warns you when a loaded document is about to reveal normally hidden
information, even if the trigger for this action is your own action. A classic example is
clicking on a Submit button, which, unless you won’t approve it, will reveal your e-mail
address to the site’s author. Figure 34-1 shows the e-mail warning you get in this case:
Figure
34-1. E-mail warning window pops up when you submit a form.
URL to URL Access Security
When you challenge the security of a URL which resides on a different server, an error
message pops up, specifying your script’s URL and the URL of the document you are trying
to access without permission. Note that you can still load the document from another
domain into any of your windows or frames, but you won’t be able to read any information
from this document, including its location properties or form element values. Let’s
demonstrate this situation, trying to get the title of Yahoo!’s index page, as shown in
Example 34-1.
<HTML>
<HEAD>
<TITLE>Security</TITLE>
<SCRIPT LANGUAGE="JavaScript">
<!--
var URL = "http://www.yahoo.com/index.html"
function openYahoo() {
win = window.open(URL, "win")
}
function alertTitle() {
alert(win.document.title)
}
// -->
</SCRIPT>
</HEAD>
<BODY>
<FORM>
<INPUT TYPE="button" VALUE="open Yahoo!" onClick="openYahoo()">
<INPUT TYPE="button" VALUE="display title" onClick="alertTitle()">
</FORM>
</BODY>
</HTML>
Example 34-1 (ex34-1.htm). A script that attempts to access properties of a
document on a different server.
The alert() function tries to access the title property of Yahoo!’s
window document. Figure 34-2 shows the alert box that pops up with an error
message, specifying the URLs of both the script and the document for which its security is
being challenged.
Figure
34-2. When challenging document security, an error message
shows the URLs of both the offending script and the document.
The Concept of Tainting
Obviously, the security measures make scripters’ lives difficult, especially if a
site consists of multiple servers, and documents from different servers need to interact
with each other. Security upon demand is Netscape’s answer to scripters’ needs, and is
being achieved by the concept of data tainting. This feature allows the page’s
publisher to mark the specific properties he or she wants to secure. Data tainting
is turned off by default and you can turn it on from within your script, as will be shown
later. When data tainting is enabled, JavaScript in one window can see properties of
another window, no matter what server the other window’s document was loaded from.
However, the author of the other window taints (marks) property values or other data that
should be secure or private, and JavaScript cannot pass these tainted values on to any
server without the user’s permission. When data tainting is disabled, a script cannot
access any properties. Again, notice that the page’s reader has no control on data
tainting; it’s the publisher’s exclusive right. Obviously, data tainting is supported
only by tainting-enabled browsers.
Tainting terminology applies to both the page author and the browser. The publisher has
tainting control over his or her document. The browser must be manually enabled by the
individual browser user before it can recognize that data has been tainted. If the browser
does not have data tainting enabled, it just ignores the tainting attributes of the
document and the access to the document properties is not allowed.
Values derived from tainted data elements are also tainted. If a tainted value is
passed to a function, the return value of the function is tainted. If a string is tainted,
any of its substrings is tainted. If a script examines a tainted value in an if, for,
or while statement, the script itself accumulates taint in what will be explained
later under “taint accumulator.”
Enabling Data Tainting
To enable data tainting, the end user sets the NS_ENABLE_TAINT environment variable as
follows:
- On Unix, use the setenv command in csh, setenv NS_ENABLE_TAINT.
- On Windows, use set in autoexec.bat or NT user settings, SET NS_ENABLE_TAINT=1.
Be sure not to include any spaces around the equal sign. The variable applies to all
copies of Navigator 3.0 (for different languages).
- On Macintosh, edit the resource with type “Envi” and number 128 in the Netscape
application, by removing the two ASCII slashes “//” before the NS_ENABLE_TAINT
text, at the end of the resource.
NS_ENABLE_TAINT can have any value; “1” will do. If the end user does not
enable tainting and a script attempts to access properties of a window on another URL, a
message is displayed, indicating that access is not allowed. To determine whether tainting
is enabled, use the taint- Enabled() method. The following code executes function1()
if data tainting is enabled; otherwise it executes function2():
if (navigator.taintEnabled()) {
function1()
}
else function2()