Goodies to Go ™
November 8, 2004 — Newsletter # 310
This newsletter is part of the internet.com network.
http://www.internet.com
Featured this week:
* Goodies Thoughts – A Hidden Security
Hole
* Q & A Goodies
* News Goodies
* Feedback Goodies
* Windows Tech Goodies
* And Remember This…
Goodies Announcement
The new Beyond HTML Goodies book
is now available!
Go beyond the basics
and learn how the pros add and use dynamic HTML features and advanced
JavaScript techniques. Beyond HTML Goodies demonstrates dozens of new and
different features readers can add to their existing Web pages using HTML and
JavaScript. The book starts with simple text and image tips, such as adding a
clock to a Web page or causing text to appear when the mouse moves over an
image. It gradually builds to more complex tricks, including manipulating forms
or working with cookies behind the scenes. Throughout the book, readers enjoy
Joe’s snappy style and “to the point” discussion of each “goody” in the book.
http://books.internet.com/books/0789727803
Goodies Thoughts – A Hidden Security Hole
In the interest of security, you have taken those portions of
your website that require your users to type in sensitive information and made a
secure website out of them. You have your certificate in place, and now you can
depend on the encryption in the Secure Sockets Layer (SSL) to keep your user’s
information private. Or can you?
I was recently working on some systems for a client when I noticed something
that gave me cause for concern. The client has a system (software that is) for
capturing contract information as they close sales. Because of the financing
requirements of the sale, the information captured includes personal, credit and
financial information about the buyers. The system is written to be web-based to
enable central support while it is used in various remote locations. Naturally,
it’s run through SSL.
The general public doesn’t have access to the web pages in question. They are
protected from search engines by the usual mechanisms; they have obscure URLs;
they are password protected and they time themselves out. The company’s sales
people use these pages in the various sales office the company opens and closes
as needed. The offices are usually open for anything from six to eighteen
months. The transient nature of the sales offices is another reason for using a
web based system. It prevents them from having to maintain software on a
collection of computers. Since a web browser is available on pretty much every
modern computer, any one will do.
This is where the security problem creeps in, however.
One computer that I looked at had been in use in the office of a support person
and was now to be moved to a new sales office. It seems the support person
might, on occasions, have used the machine for something slightly outside the
confines of normal work use; visiting non-work related websites, downloading
music, and the like. Along the way, a considerable amount of spyware had found
its way into the system.
To improve the system’s performance, I set about removing the spyware. As I did
so, I discovered something else in there — two keyloggers had also found their
way in.
Keyloggers are usually installed along with some form of backdoor. Their purpose
is to record the keystrokes as they are made on the computer, save them in a
file and make the file available to whoever controls the keylogger through its
associated backdoor. Having a keylogger watch everything that is typed when a
contract is being entered is a very bad idea.
In this particular circumstance, the solution is not too complicated. All the
company’s computers are now to be protected not only by a strong anti-virus
program, but also a strong anti-spyware program.
In other circumstances, such as when a system is to capture personal information
from the general public, the operator of the site cannot control what software
is in place on the end user’s computer. Something to think about!
You can control whether or not you subject your personal information to this
risk. You can control your own PC (and I hope you have all needed protection
software in place and up to date) and when you are out and about, you can
control what you do on other computers. Are the computers in your work place
properly protected? If you don’t know, maybe you should wait until you get home
before typing anything in that you don’t want other people to know. You might
also want to think about how you use any computer that the public have access
to, such as in an internet cafe, or courtesy computers, etc.
A little care can go a long way to protect your valuable information!
Thanks for Reading!
– Vince Barnes
Q & A Goodies
Questions are taken from submissions to our Community Mentors. You can ask a Mentor a question by going to
https://www.htmlgoodies.com/mentors.
Q. What’s the latest, best method for ensuring that my viewers see only the
latest page — without making them hit Refresh or clear their cache each time?
A. According to Microsoft, the only way to truly prevent caching in Internet
Explorer is to use ASP "Response.CacheControl" property which is below. The
problem is that the page needs to be an ".asp" page and not a ".html" page.
Another thing is that there is no way to completely prevent caching in earlier
than 4.01 versions of the Internet Explorer.
Using the <META> tags to prevent caching as far as I can tell is still the best
way. Although part of it may or may not work with IE or Netscape, I think you
will get the majority of the browsers visiting your site to work the you want it
to.
Here is a good artice on the Microsoft website about it:
http://support.microsoft.com/kb/234067/EN-US/
Here is the ASP code:
<% Response.CacheControl = "no-cache" %>
<% Response.AddHeader "Pragma", "no-cache" %>
<% Response.Expires = -1 %>
Q. My website uses frames and I was wondering if there was a code (which
I was gussing uses Javascript) that refreshes a page/frame automatically every X
minutes?
A. If you want to reload a document in one frame frome another you could
do this:
<script language="javascript">
function doReload()
{
parent.framea.location.reload()
setTimeout(‘doReload()’,60000)
}
</script>
Then start it by using the onLoad event in the body tag:
<body onload="setTimeout(‘doReload()’,60000)">
This would reload the document in the frame named "framea" every 60,000
miliseconds (1 minute).
Q. How do I make three tables all on the same line with a space between
them?
A. You make one large table at 100 percent width and a border of zero,
with one row then add your three tables in the large tables <td> tags. Play
around with the <td> widths to get the size you need. You can add a couple <td>
tags with the code which is just a blank space to make some space between
the 3 tables. Here is a example of the code:
<table summary="large table" align="center" width="100%" border="0"
cellspacing="0" cellpadding="0">
<tr>
<td width="30%">
<table summary="Menu Table" width="100%" border="1" cellspacing="0"
cellpadding="0">
<tr align="center"><td>Menu</td></tr>
</table>
</td>
<td width="5%"> </td>
<td width="30%">
<table summary="Main Table" width="100%" border="1" cellspacing="0"
cellpadding="0">
<tr align="center"><td>Main</td></tr>
</table>
</td>
<td width="5%"> </td>
<td width="30%">
<table summary="New Menu Table" width="100%" border="1"
cellspacing="0" cellpadding="0">
<tr align="center"><td>New Menu</td></tr>
</table>
</td>
</tr>
</table>
Q. Is there any way (such as using the "repeat-y" function) to get the
background to border down the right as opposed to the left side? also, is there
a way to get it to tile down both sides? I am essentially interested in getting
the look of a border on both the left and right side of the page, but I want it
to appear correctly on all screen resolutions, so of course, making a very long
image with the desired left and right backgrounds simply on opposite sides or
the image would be impractical.
A. I have one way for this to work; however, it doesn’t work in IE 5.5.
It does work in NN 6 and above, Mozilla, and Opera.
Add two divs to the bottom of your HTML file:
<div id="left"></div>
<div id="right"></div>
Then add the following CSS:
#left {
position: fixed;
top: 0;
left: 0;
width: 100px;
height: 100%;
border: 1px solid red;
margin: 0;
padding: 0;
background: url(ava.gif) repeat-y top left fixed; }
#right {
position: fixed;
top: 0;
right: 0;
width: 100px;
height: 100%;
border: 1px solid red;
margin: 0;
padding: 0;
background: url(ava.gif) repeat-y top right fixed; }
This will set backgrounds for the two extra divs in your HTML, and should tile
the length of the page. IE 5.5 doesn’t recognize the "fixed" property for
anything other than background images for the BODY tag, so the extra divs scroll
with the page.
Q. I made a small "form" type page with 3 boxes in which to type data. I
am trying to figure out how to make that page open with the cursor already
located in box #1, instead of having to hit Tab 2 or 3 times. The form is
written in HTML, but I’m assuming that I will need to use JavaScript to
accomplish this.
A. You could use the onLoad event in the body tag to place focus on the
first
box this way:
<body onLoad="document.form_name.field_name.focus()">
"form_name" would be the name you gave your form in the form tag and "field_name"
would be the name you gave the first box in your "<,input>" tag.
If your form and field do not have a name associated with them then you can use
this format: document.forms[0].elements[0].focus()
The above refers to the first form and the first element in that form.
News Goodies
Microsoft Settles Antitrust Charges With Novell
[November 8, 2004] Redmond is also slated to make support
payments to the computer industry association to forestall any
future EU antitrust roadblocks..
Click
here to read the article
Novell Launches Linux on the Desktop
[November 8, 2004] The company debuts its first iteration of the
OS for the user’s sake.
Click here to read the article
British Telecom to Buy Infonet
[November 8, 2004] The telecom giant will pay $965 million to gain network
assets and customers in North America and Asia-Pacific.
Click
here to read the article
OSRM Tracing Linux Patents in EU
[November 8, 2004] As the EU approaches a vote on software
patent law, open source group starts tracing source of Linux
patent infringements.
Click here to read the article
IBM’s Blue Gene Supercomputer is For Sale
[November 8, 2004] Shopping for a supercomputer? Big Blue
just brought one out of its laboratory.
Click here to read the article
CommVault’s New Wave of Back-up
[November 8, 2004] The back-up and recovery software provider adds new
replication, archival and compliance features to its software suite.
Click here to read the article
The RSS Enclosure Exposure
[November 5, 2004] It’s really simple stuff: audio feeds and the rise of RSS.
Click here to read the article
Amazon.com Hit With ‘Recommendation’ Suit
[November 8, 2004] A ‘submarine patent’ surfaces to claim patent
infringement for popular feature.
Click here to read the article
FTC to Congress: Lose the Anti-Spyware Plans
[November 5, 2004] The agency tries to steer Congress away from the creation
of more bills it says don’t even work..
Click here to read the article
VZ Wireless Clears More Spectrum
[November 5, 2004] The largest U.S. wireless carrier will pay $3B for
airwave rights of bankrupt NextWave.
Click here to read the article
Every week a site is selected for review. Each week,
reviews of the previous week’s selected site are chosen for
publication on the HTML Goodies website.
The current week’s selected site is published in Goodies To
Go and in the Peer Reviews section of the website.
Current contact email addresses for submitting your site and
for submitting reviews are published in Goodies To Go.
If you would like to have your site reviewed, sign up for
the Goodies To Go newsletter in the Navigation Bar on the
left side of this page.
For full details about this program, see
https://www.htmlgoodies.com/peerreviews
Did you ever wish your newsletter was an easy two way communications medium?
Ploof! It now is!
If you would like to comment on the newsletter or expand/improve on something
you have seen in here, you can now send your input to:
mailto:nlfeedback@htmlgoodies.com
We already receive a lot of email every day. This address will help us sort out
those relating specifically to this newsletter from all the rest. When you send
email to this address it may wind up being included in this section of the
newsletter, to be shared with your fellow readers.
Please don’t send your questions to this address.
They should be sent to our mentors: see
https://www.htmlgoodies.com/mentors/
Thanks again for all your feedback!
Top
Windows Tech Goodie of the Week:
Business Intelligence with Microsoft SQL Server Reporting
Services – Part 2
http://www.15seconds.com/issue/041027.htm
Adnan Masood continues his discussion of Microsoft SQL
Server Analysis services and Microsoft SQL Server Reporting
services. In this part, he discusses the steps that go into
building more advanced reports.
*** AND ***
The Power of SQL CASE Statements
http://www.4guysfromrolla.com/webtech/102704-1.shtml
In this article we’ll take a look at the powerful CASE
statement, shining light on its utility and usefulness in
everyday data-driven Web sites.
Top
And Remember This . . .
On this day in…
1793 La Louvre Art Museum Opened
Originally a palace, the Louvre was begun by King Frances I on the
site of an older fortress (built by Phillip II in the 12th century)
to house his court and his art collection. Almost all subsequent
French Kings made additions to both the Louvre and the royal art
collection. By the eighteenth century, however, the French people
were calling for the collection to be made accessible to the public.
With the French Revolution in 1789 came the first real opportunity
to bring about the change and turn the palace into a museum and on
this day in 1793 the revolutionary government opened the Musee
Central des Arts in the Grande Gallerie of La Louvre.
Both the buildings and the collection have grown considerably since
that time, most notably perhaps, with the addition all the art and
archeological items seized by Napoleon during his campaigns, and the
steel and glass pyramid built by I.M Pei in 1993 for the museum’s
200th anniversary.
Today was also the day that in: 1789 Elijah Crqaig in
Kentucky distilled the first Bourbon Whiskey (distilled from corn);
1864 Abraham Lincoln was elected to a second term as US
President; 1895 Wilhelm Rontgen discovered X-rays; 1892
Grover Cleveland was elected US President; 1904 Thedore
Roosevelt was elected US President; 1932 Franklin Delano
Roosevelt was elected US President; 1960 John F. Kennedy was
elected US President; 1966 actor Ronald Reagan was elected
governor of California; 1968 Cynthia Lennon was granted a
divorce from John; 1980 the Voyager I space probe discovered
the 15th of Saturn’s moons; 1987 an Irish Republican Army
bomb exploded at the Ulster Remembrance Day Service, killing eleven;
1988 an earthquake killed 900 in China; 1988 George
Bush (senior) was elected US President; 1990 Saddam Hussein
fired his military chief and threatened to destroy the Arabian
peninsular;
Born today were: in 1656 astronomer Sir Edmund Halley;
1900 writer Margaret Mitchell (Gone With The Wind); 1914
actor Norman Lloyd; 1916 actress June Havoc; 1921
actor Gene Saks; 1922 South African surgeon Christiaan
Barnard (first heart transplant); 1927 singer Patti Page;
1931 TV newsman Morley Safer; 1949 singer Bonnie Raitt;
1951 TV hostess Mary Hart; 1952 Playboy CEO Christie
Heffner; 1954 singer Rickie Lee Jones; 1956 actress
Randi Brooks; 1961 singer Leif Garrett; 1967 actress
Courtney Thorne-Smith;
Thanks for reading Goodies to Go!
