Goodies to Go! Newsletter #310
Goodies to Go (tm)
November 8, 2004 -- Newsletter # 310
This newsletter is part of the internet.com network.
Featured this week:
* Goodies Thoughts - A Hidden Security Hole
* Q & A Goodies
* News Goodies
* Feedback Goodies
* Windows Tech Goodies
* And Remember This...
The new Beyond HTML Goodies book is now available!
Goodies Thoughts - A Hidden Security Hole
In the interest of security, you have taken those portions of your website that require your users to type in sensitive information and made a secure website out of them. You have your certificate in place, and now you can depend on the encryption in the Secure Sockets Layer (SSL) to keep your users' information private. Or can you?
I was recently working on some systems for a client when I noticed something that gave me cause for concern. The client has a system (software that is) for capturing contract information as they close sales. Because of the financing requirements of the sale, the information captured includes personal, credit and financial information about the buyers. The system is written to be web-based to enable central support while it is used in various remote locations. Naturally, it's run through SSL.
The general public doesn't have access to the web pages in question. They are protected from search engines by the usual mechanisms; they have obscure URLs; they are password protected and they time themselves out. The company's sales people use these pages in the various sales offices the company opens and closes as needed. The offices are usually open for anything from six to eighteen months. The transient nature of the sales offices is another reason for using a web-based system: it prevents them from having to maintain software on a collection of computers. Since a web browser is available on pretty much every modern computer, any one will do.
This is where the security problem creeps in, however.
One computer that I looked at had been in use in the office of a support person and was now to be moved to a new sales office. It seems the support person might, on occasion, have used the machine for something slightly outside the confines of normal work use: visiting non-work related websites, downloading music, and the like. Along the way, a considerable amount of spyware had found its way into the system.
To improve the system's performance, I set about removing the spyware. As I did so, I discovered something else in there -- two keyloggers had also found their way in.
Keyloggers are usually installed along with some form of backdoor. Their purpose is to record the keystrokes as they are made on the computer, save them in a file and make the file available to whoever controls the keylogger through its associated backdoor. Having a keylogger watch everything that is typed when a contract is being entered is a very bad idea.
In this particular circumstance, the solution is not too complicated. All the company's computers are now to be protected not only by a strong anti-virus program, but also a strong anti-spyware program.
In other circumstances, such as when a system is to capture personal information from the general public, the operator of the site cannot control what software is in place on the end user's computer. Something to think about!
You can control whether or not you subject your personal information to this risk. You can control your own PC (and I hope you have all needed protection software in place and up to date) and when you are out and about, you can control what you do on other computers. Are the computers in your work place properly protected? If you don't know, maybe you should wait until you get home before typing anything in that you don't want other people to know. You might also want to think about how you use any computer that the public have access to, such as in an internet cafe, or courtesy computers, etc.
A little care can go a long way to protect your valuable information!
Thanks for Reading!
- Vince Barnes
Questions are taken from submissions to our Community Mentors. You can ask a Mentor a question by going to http://www.htmlgoodies.com/mentors.
Q. What's the latest, best method for ensuring that my viewers see only the latest page -- without making them hit Refresh or clear their cache each time?
A. According to Microsoft, the only way to truly prevent caching in Internet Explorer is to use the ASP "Response.CacheControl" property, which is shown below. The problem is that the page needs to be an ".asp" page and not a ".html" page. Another thing is that there is no way to completely prevent caching in versions of Internet Explorer earlier than 4.01.
Using the <META> tags to prevent caching is, as far as I can tell, still the best way. Although part of it may or may not work with IE or Netscape, I think you will get the majority of the browsers visiting your site to work the way you want them to.
Here is a good article on the Microsoft website about it:
Here is the ASP code:
<% Response.CacheControl = "no-cache" %>
<% Response.AddHeader "Pragma", "no-cache" %>
<% Response.Expires = -1 %>
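An added check (not from the newsletter or from Microsoft's article) that parses a response header block and reports whether it carries the three signals the ASP snippet above sets; the sample responses are constructed, and "no-store" is reported separately because it is the stronger directive for pages that hold personal data.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample responses (not captured from a real server): the first carries
# the three signals the ASP snippet emits, the second is a plain cacheable page.
UNCACHEABLE_RESPONSE = """HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: Mon, 08 Nov 2004 12:00:00 GMT
"""
CACHEABLE_RESPONSE = """HTTP/1.1 200 OK
Cache-Control: max-age=3600
Expires: Mon, 08 Nov 2044 12:00:00 GMT
"""

def parse_headers(raw):
    """Turn a raw response header block into a {lower-cased name: value} dict."""
    lines = raw.strip().splitlines()
    if lines and lines[0].upper().startswith("HTTP/"):
        lines = lines[1:]  # drop the status line
    headers = {}
    for line in lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def expires_in_past(value, now):
    """HTTP treats an unparsable Expires value (e.g. '-1' or '0') as already expired."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True
    if when.tzinfo is None:  # older Pythons return naive datetimes for -0000
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def cache_signals(headers, now=None):
    """Report which anti-caching signals a parsed response carries."""
    now = now or datetime.now(timezone.utc)
    directives = {d.strip().lower() for d in headers.get("cache-control", "").split(",")}
    return {
        "no_cache": "no-cache" in directives,  # caches must revalidate before reuse
        "no_store": "no-store" in directives,  # stronger: the response is never stored
        "pragma": "no-cache" in headers.get("pragma", "").lower(),  # for HTTP/1.0 caches
        "expired": "expires" in headers and expires_in_past(headers["expires"], now),
    }

def prevents_caching(raw):
    """True when a no-cache/no-store directive and an already-past Expires are both present."""
    s = cache_signals(parse_headers(raw))
    return (s["no_cache"] or s["no_store"]) and s["expired"]
```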
A. If you want to reload a document in one frame from another you could do this:
Then start it by using the onLoad event in the body tag:
This would reload the document in the frame named "framea" every 60,000 milliseconds (1 minute).
Q. How do I make three tables all on the same line with a space between them?
A. You make one large table at 100 percent width and a border of zero, with one row, then add your three tables in the large table's <td> tags. Play around with the <td> widths to get the size you need. You can add a couple of <td> tags containing the code &nbsp; (which is just a blank space) to make some space between the 3 tables. Here is an example of the code:
<table summary="large table" align="center" width="100%" border="0">
<tr>
<td><table summary="Menu Table" width="100%" border="1" cellspacing="0">
<tr align="center"><td>Menu</td></tr></table></td>
<td width="5%">&nbsp;</td>
<td><table summary="Main Table" width="100%" border="1" cellspacing="0">
<tr align="center"><td>Main</td></tr></table></td>
<td width="5%">&nbsp;</td>
<td><table summary="New Menu Table" width="100%" border="1" cellspacing="0">
<tr align="center"><td>New Menu</td></tr></table></td>
</tr>
</table>
Q. Is there any way (such as using the "repeat-y" function) to get the background to border down the right as opposed to the left side? Also, is there a way to get it to tile down both sides? I am essentially interested in getting the look of a border on both the left and right side of the page, but I want it to appear correctly on all screen resolutions, so of course, making a very long image with the desired left and right backgrounds simply on opposite sides of the image would be impractical.
A. I have one way for this to work; however, it doesn't work in IE 5.5. It does work in NN 6 and above, Mozilla, and Opera.
Add two divs to the bottom of your HTML file (the id names "leftborder" and "rightborder" are placeholders; the names in the original answer were lost):
<div id="leftborder"></div>
<div id="rightborder"></div>
Then add the following CSS:
/* selector names are placeholders matching the two divs above */
#leftborder { border: 1px solid red;
background: url(ava.gif) repeat-y top left fixed; }
#rightborder { border: 1px solid red;
background: url(ava.gif) repeat-y top right fixed; }
This will set backgrounds for the two extra divs in your HTML, and should tile the length of the page. IE 5.5 doesn't recognize the "fixed" property for anything other than background images for the BODY tag, so the extra divs scroll with the page.
A. You could use the onLoad event in the body tag to place focus on the first box this way:
<body onLoad="document.form_name.field_name.focus()">
"form_name" would be the name you gave your form in the form tag and "field_name" would be the name you gave the first box in your <input> tag.
If your form and field do not have a name associated with them then you can use this format: document.forms[0].elements[0].focus()
The above refers to the first form and the first element in that form.
Microsoft Settles Antitrust Charges With Novell
[November 8, 2004] Redmond is also slated to make support payments to the computer industry association to forestall any future EU antitrust roadblocks.
Novell Launches Linux on the Desktop
[November 8, 2004] The company debuts its first iteration of the OS for the user's sake.
British Telecom to Buy Infonet
[November 8, 2004] The telecom giant will pay $965 million to gain network assets and customers in North America and Asia-Pacific.
OSRM Tracing Linux Patents in EU
[November 8, 2004] As the EU approaches a vote on software patent law, open source group starts tracing source of Linux patent infringements.
IBM's Blue Gene Supercomputer is For Sale
[November 8, 2004] Shopping for a supercomputer? Big Blue just brought one out of its laboratory.
CommVault's New Wave of Back-up
[November 8, 2004] The back-up and recovery software provider adds new replication, archival and compliance features to its software suite.
The RSS Enclosure Exposure
[November 5, 2004] It's really simple stuff: audio feeds and the rise of RSS.
Amazon.com Hit With 'Recommendation' Suit
[November 8, 2004] A 'submarine patent' surfaces to claim patent infringement for popular feature.
FTC to Congress: Lose the Anti-Spyware Plans
[November 5, 2004] The agency tries to steer Congress away from the creation of more bills it says don't even work.
VZ Wireless Clears More Spectrum
[November 5, 2004] The largest U.S. wireless carrier will pay $3B for airwave rights of bankrupt NextWave.
Every week a site is selected for review. Each week, reviews of the previous week's selected site are chosen for publication on the HTML Goodies website.
The current week's selected site is published in Goodies To
Go and in the Peer Reviews section of the website.
Current contact email addresses for submitting your site and
for submitting reviews are published in Goodies To Go.
If you would like to have your site reviewed, sign up for the Goodies To Go newsletter in the Navigation Bar on the left side of this page.
For full details about this program, see http://www.htmlgoodies.com/peerreviews
Did you ever wish your newsletter was an easy two way communications medium? Ploof! It now is!
If you would like to comment on the newsletter or expand/improve on something you have seen in here, you can now send your input to:
We already receive a lot of email every day. This address will help us sort out those relating specifically to this newsletter from all the rest. When you send email to this address it may wind up being included in this section of the newsletter, to be shared with your fellow readers. Please don't send your questions to this address. They should be sent to our mentors: see http://www.htmlgoodies.com/mentors/
Thanks again for all your feedback!
Business Intelligence with Microsoft SQL Server Reporting Services - Part 2
Adnan Masood continues his discussion of Microsoft SQL Server Analysis services and Microsoft SQL Server Reporting services. In this part, he discusses the steps that go into building more advanced reports.
*** AND ***
The Power of SQL CASE Statements
In this article we'll take a look at the powerful CASE statement, shining light on its utility and usefulness in everyday data-driven Web sites.
And Remember This . . .
On this day in...
1793 La Louvre Art Museum Opened
Originally a palace, the Louvre was begun by King Francis I on the site of an older fortress (built by Philip II in the 12th century) to house his court and his art collection. Almost all subsequent French Kings made additions to both the Louvre and the royal art collection. By the eighteenth century, however, the French people were calling for the collection to be made accessible to the public. With the French Revolution in 1789 came the first real opportunity to bring about the change and turn the palace into a museum, and on this day in 1793 the revolutionary government opened the Musee Central des Arts in the Grande Gallerie of La Louvre.
Both the buildings and the collection have grown considerably since that time, most notably perhaps with the addition of all the art and archeological items seized by Napoleon during his campaigns, and the steel and glass pyramid built by I.M. Pei in 1993 for the museum's 200th anniversary.
Today was also the day that in: 1789 Elijah Craig in Kentucky distilled the first Bourbon Whiskey (distilled from corn); 1864 Abraham Lincoln was elected to a second term as US President; 1895 Wilhelm Röntgen discovered X-rays; 1892 Grover Cleveland was elected US President; 1904 Theodore Roosevelt was elected US President; 1932 Franklin Delano Roosevelt was elected US President; 1960 John F. Kennedy was elected US President; 1966 actor Ronald Reagan was elected governor of California; 1968 Cynthia Lennon was granted a divorce from John; 1980 the Voyager I space probe discovered the 15th of Saturn's moons; 1987 an Irish Republican Army bomb exploded at the Ulster Remembrance Day Service, killing eleven; 1988 an earthquake killed 900 in China; 1988 George Bush (senior) was elected US President; 1990 Saddam Hussein fired his military chief and threatened to destroy the Arabian peninsula.
Born today were: in 1656 astronomer Sir Edmund Halley; 1900 writer Margaret Mitchell (Gone With The Wind); 1914 actor Norman Lloyd; 1916 actress June Havoc; 1921 actor Gene Saks; 1922 South African surgeon Christiaan Barnard (first heart transplant); 1927 singer Patti Page; 1931 TV newsman Morley Safer; 1949 singer Bonnie Raitt; 1951 TV hostess Mary Hart; 1952 Playboy CEO Christie Heffner; 1954 singer Rickie Lee Jones; 1956 actress Randi Brooks; 1961 singer Leif Garrett; 1967 actress Courtney Thorne-Smith.
Thanks for reading Goodies to Go!