:: Introduction ::
Security IS an issue. Discussing every aspect of it could take days, so I'll just get
straight to the point. What I'm going to share is mainly about website security.
Simple stuff, of course. I won't go as far as setting up a COM/DCOM component,
distributed servers and all that; just the simple things that are usually overlooked.
After all, I don't know how to set up a COM/DCOM component. Hehehee...
Correct me if I'm wrong, but I think most of us consider ourselves underdogs
compared to the hardcore programmers/hackers who work down in the server room,
surrounded by cables and all. I, for one, consider myself an underdog.
The question is, how do we champion ourselves against the giants, those senior members
who began to crunch their fingers way before we were born? Well, here are some tips
that might prove beneficial.
:: Disabling right-clicks ::
Code stealing IS a threat. One way to prevent such problems is to disable the user's
right mouse button. I've seen and tested a few hundred variants of scripts for this
purpose, but by far the simplest one was developed by Mr/Mrs "a person, a thing, a
being". He didn't explain much about himself, though. You can find his entry under
Javascript > Security > One-line code to disable right click (IE 5.0 +).
His code even disables the view source key on the keyboard, next to the right Ctrl key.
It's copyrighted by PSC, so I don't dare to paste it here.
:: Hiding URL in the Address Bar ::
I've browsed through a dozen forums to find the answer. To date, the only way is to
make a frameset. Here's an example:
<frameset cols="1,*" frameborder="NO" border="0" framespacing="0">
<frame src="empty.php" name="leftFrame" scrolling="NO" noresize>
<frame src="intro.php" name="mainFrame">
</frameset>
My bosses gave a direct specification to have our website frameless. That's why the
left frame is just 1 pixel wide, hiding the fact that it's framed. The bosses are
happy, and I'm happy too.
Inside the left frame is some junk:
6869212069276d2070757465726173616c6a693b2074686520646576656c6f706572206f66207468
697320736974652e206665656c206672656520746f207669736974206d696e652061742068747470
3a2f2f73616c6a75626972752e636a622e6e6574
They're not just garbage, though. It's an encoded message that reveals the URL of my
website. My bosses asked what the numbers were for, and I just said, "It's a security
thing". And they're like... "Oh, okay".
IMHO, this is a neat way of telling your friends that you're THE webmaster for...
well... let's say Ferrari, perhaps? It might even land you a job with really good pay.
Who knows?
Don't forget to tell people which encoding is used. Otherwise, no one will discover that
Easter egg.
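An added example (my own, not code from the article or from PSC): a short JavaScript script that decodes the hex "junk" shown above and, from the frameset markup, lists the frame sources that every visitor's browser receives. The sample inputs are constructed from the article's own hex string and frameset. The decoded text shows what the Easter egg says; the second function shows what still sits in View Source after the address bar is "hidden", which is why a frameset hides the URL from the address bar only, not from anyone who reads the page source.

```javascript
// Added example, not from the article. Sample inputs below are constructed
// from the hex string and the frameset that the article shows.

// The article's left-frame message, joined into one hex string.
const HEX_MESSAGE =
  "6869212069276d2070757465726173616c6a693b2074686520646576656c6f706572206f66207468" +
  "697320736974652e206665656c206672656520746f207669736974206d696e652061742068747470" +
  "3a2f2f73616c6a75626972752e636a622e6e6574";

// Constructed copy of the article's frameset with the angle brackets restored.
const FRAMESET_HTML = `<frameset cols="1,*" frameborder="NO" border="0" framespacing="0">
<frame src="empty.php" name="leftFrame" scrolling="NO" noresize>
<frame src="intro.php" name="mainFrame">
</frameset>`;

// Decode a string of hex digit pairs into ASCII text. Whitespace (line breaks
// in the article's listing) is ignored; odd length or non-hex input is an error
// rather than silently decoding to garbage.
function decodeHex(hex) {
  const clean = hex.replace(/\s+/g, "");
  if (clean.length % 2 !== 0 || /[^0-9a-fA-F]/.test(clean)) {
    throw new Error("input is not a whole number of hex byte pairs");
  }
  let out = "";
  for (let i = 0; i < clean.length; i += 2) {
    out += String.fromCharCode(parseInt(clean.slice(i, i + 2), 16));
  }
  return out;
}

// The inverse, so an Easter egg like the article's can be produced from text.
function encodeHex(text) {
  return Array.from(text, (ch) => ch.charCodeAt(0).toString(16).padStart(2, "0")).join("");
}

// Return the src of every <frame> tag in a frameset document. The browser has
// to receive these paths to load the frames, so View Source exposes them even
// though the address bar only ever shows the frameset page.
function frameSources(html) {
  const sources = [];
  const re = /<frame\b[^>]*\bsrc\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    sources.push(m[1]);
  }
  return sources;
}

console.log(decodeHex(HEX_MESSAGE));   // the message hidden in the 1-pixel frame
console.log(frameSources(FRAMESET_HTML)); // ["empty.php", "intro.php"]
```

Run it with `node` to see the decoded message and the two frame paths. The decoding is plain hex-to-ASCII, so "telling people which encoding is used" is all a reader needs; nothing about it protects the page, it only makes the source less readable at a glance.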
:: Hiding URL in the Status Bar ::
Hover your mouse over a link, and the address is displayed in the status bar. That can
be a problem sometimes, especially when you deal with confidential data. Here's the
script I used on my company website's links:
<a href="main.php" onMouseover="window.status=''; return true">
It's simple, and it doesn't appear as malicious under your security settings. Users who
installed Service Pack 2 on Windows XP will experience problems when using certain scripts.
:: Disabling Flash menus ::
If you haven't already disabled the right mouse click, then this script might prove useful.
It disables most of the 'options' in the menu that pops up when you right-click on a
Flash file.
:: Hiding Flash background ::
You have this neat background image, but your Flash just gets in the way. Here's a way
to bend the rules:
This method has proven extremely useful for me. If a user gets unlucky, their
right-click will pop up the normal menu that displays whenever you right-click on an HTML
or ASP/PHP/JSP file. It made my peers go nuts trying to figure out just how I did
all the animation on a normal PHP file.
:: Summary ::
Of course, the things we hold most dear may be trash to others. Therefore, if you
have further suggestions or views of your own, feel free to voice them. Have a nice day.
NOTE: I had to remove most of the '<' and '>' due to restrictions. And BTW, sorry for the, err... bad formatting of this article previously.