DOCSLIB.ORG

Lightweight Integrity Protection for Web Storage-Driven Content Caching Sebastian Lekies and Martin Johns SAP Research Karlsruhe {firstname.Lastname}@Sap.Com

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Lightweight Integrity Protection for Web Storage-Driven Content Caching Sebastian Lekies and Martin Johns SAP Research Karlsruhe {firstname.Lastname}@Sap.Com 1 Lightweight Integrity Protection for Web Storage-driven Content Caching Sebastian Lekies and Martin Johns SAP Research Karlsruhe ffi[email protected] Abstract—The term Web storage summarizes a set of browser- runs the malicious content (See Section III for examples). based technologies that allow application-level persistent storage Well-known cross-site scripting defense techniques such as of key/values pairs on the client-side. These capabilities are input validation or output encoding are not applicable in this frequently used for caching of markup or script code fragments, e.g., in scenarios with specific bandwidth or responsiveness scenario, as legitimate code fragments would also be rendered requirements. Unfortunately, this practice is inherently insecure, void by these XSS filters. as it may allow attackers to inject malicious JavaScript payloads In this paper we first investigate the usage of Web Storage into the browser’s Web storage. Such payloads reside in the with regards to code caching by investigating the front pages victim’s browser for a potentially prolonged period and lead to of the Alexa top 500.000 Web sites. Thereby, we found out resident compromise of the application’s client-side code. In this paper, we first present three possible attack scenarios that 20,422 Web sites make use of client-side storage and that that showcase how an attacker is able to inject code into web 386 Web sites store 2084 pieces of HTML, Javascript code storage. Then we verify that Web storage is indeed used in the or CSS style declarations within Local- or SessionStorage. outlined, insecure fashion, via a large-scale study of the top Furthermore, we present a method that allows a Web appli- 500.000 Alexa domains. Furthermore, we propose a lightweight cation to securely store code fragments on the client-side. integrity protecting mechanism that allows developers to store markup and code fragments in Web storage without risking a We achieve this by utilizing checksums that are calculated potential compromise. Our protection approach can be intro- for cached code. Whenever the code is fetched and executed duced without requiring browser modifications and introduces from Web Storage the application validates the checksum in only negligible performance overhead. order to ensure integrity of the stored content. Therefore, an attacker is not able to inject his payload into client-side storage capabilities and thus attacks are rendered void. I. INTRODUCTION The rest of the paper is structured as follows. After we Since the rise of Web 2.0 applications a shift from server- outlined the basics of Web Storage in Section II, we present side to client-side functionality is perceivable on the Web. three attack scenarios in Section III that could be utilized by Especially new HTML5 features such as Web Messaging, an attacker to smuggle his payload into the client-side Web Cross-Origin Resource Sharing or Offline Apps enrich the storage of a victim. After that, we investigate the usage of Web user-experience of modern Web applications. However, with Storage by presenting the results of a large-scale study of the the power of these new APIs comes the responsibility to utilize Alexa top 500,000 Web sites in Section IV. As pointed out by these features in a secure fashion. In the past some research the study results Web Storage is used in an insecure fashion work has already been conducted to reveal potential security when it is utilized for client-side code caching. Therefore, we issues with client-side technologies [1, 3, 4, 6, 12]. developed a JavaScript library that protects Web applications In this paper we investigate HTML5’s Web Storage API that from being exploited while still preserving the benefits of code consists of the SessionStorage and LocalStorage attributes [5]. caching. The basic idea, an evaluation and possible limitations Web Storage is a mechanism that allows a Web application of our approach are discussed in Section V. Finally, we present to store structured data within the user’s Web browser via related work in Section VI and a conclusion in Section VII. Javascript. While this API can be used for client-side state management, it is also often used for caching[17] (See Section II. TECHNICAL BACKGROUND IV for more details). Especially, in mobile environments where In this Section we briefly outline the technical backgrounds. bandwidth and latency matters Web-Storage-based caching can After covering the basics of Web Storage, we present different be a powerful technique to decrease loading times by saving use cases for the presented capabilities. and reusing frequently required scripts or style declarations on the mobile device[17]. However, caching such content in a storage that is accessible A. What is Web Storage? via scripting is a dangerous practice as it creates new attack Web Storage is a mechanism that allows a piece of vectors for adversaries. The cause of the problem is the fact Javascript to store structured data within the user’s browser [5]. that at one point in time, code written to the storage has to be Web Storage is, thereby, an umbrella term for two related func- executed again. Hence, if an attacker is able to exchange the tionalities - SessionStorage and LocalStorage. Each of these cached code with his payload, the application automatically storage types implements the same API and adheres to the 2 same security restrictions. The underlying storage mechanism implications to differ from the corresponding results for the is implemented via a key-value scheme that allows to store, established technologies. retrieve and delete a String value based on a certain key (See Listing 1 for an example). B. Use cases for Web storage Up to now, two usage patterns for Web storage have received Listing 1 Exemplary usage of LocalStorage some attention: Keeping state in offline situations and using <script> Web storage for caching purposes. We briefly revisit these //Set Item concepts in this section. localStorage.setItem("foo","bar"); However, the general concept of persistent, client-side Web ... storage is still a rather recent addition to the Web application //Get Item paradigm. Hence, not much experience has been documented, var testVar = localStorage.getItem("foo"); ... how these APIs end up being used by real-life Web appli- //Remove Item cations. Hence, to collect practical insight into this area, we localStorage.removeItem("foo"); conducted some applied survey work, which will be the subject ... of Section IV. //Clear all 1) State-keeping for offline apps: Modern browsers allow localStorage.clear(); </script> Web applications to provide offline capabilities. For this, the application can explicitly specify which of its Web resources should be kept in the browser’s application cache [2]. This In general, access to data stored within Web Storage is is done using a dedicated manifest file that lists the URLs limited to same origin resources only. Each site gets one of to be stored resources. In situations, in which the Web storage area assigned to it, so that data of different origins browser is disconnected form the network, these files, which is strictly separated. Therefore, data stored by a Web site on were stored earlier, are loaded and rendered from the appcache. a.net is only accessible to other resources from a.net, but not However, as no network connection is present to propagate the from b.net. user’s action to the Web server, all actions, which may have a 1) SessionStorage: SessionStorage was designed for permanent effect, have to be temporarily stored in the browser transaction-based scenarios in which a user is able to simul- until the browser reenters the online mode. For this purpose, taneously carry out the same transaction in multiple browser Web storage is well designed. windows. Within the same window, data can be stored and 2) Using Web storage for controlled caching of Web con- retrieved from the storage by any Web page loaded from the tent: The current caching facilities of Web browsers only same origin. A page loaded within another window posses its allow to cache the content of full HTTP responses, i.e., own storage and hence is not able to access the data from complete documents, scripts, or images. Furthermore, the another window. actual caching process is transparent to the application and 2) LocalStorage: LocalStorage differs from SessionStorage not under its control. Hence, in situation, in which the need in respect to scope and lifetime. As opposed to Session- occurs to either cache only sub-parts of HTML documents or Storage, data within the LocalStorage can also be accessed in which the application needs closer control in respect to the across different browser windows by same origin Web pages. cached content and its usage, Web storage provides the needed Furthermore, LocalStorage is persistent across sessions, while capabilities [15]. This seems to be especially appreciated in data within SessionStorage is discarded whenever the corre- the context of Web applications that target mobile devices, sponding session is closed. (Note: The lifetime of a session which, unlike their modern desktop counterparts, may have is unrelated to the lifetime of the corresponding user agent to deal with limited network bandwidth and high network process, as the user agent may support resuming sessions after latency [17]. restart[5].) III. ATTACKS 3) GlobalStorage: Earlier versions of the HTML5 spec- ification also contained the GlobalStorage directive. How- A. Insecure usage of Web storage ever, it was removed from the specification in favor of the As motivated in Section II-B2, a potential use case for Web LocalStorage API [9]. GlobalStorage holds multiple private storage is application-level content caching. In this context, it storage areas that can be accessed over a longer period of time has been documented [4, 7], that some applications use Web across multiple pages and sessions.
Load more

Recommended publications
  • M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1 Updated March 2019 (2010)
    Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1 Updated March 2019 (2010) The reference URL for this document is www.m3aawg.org/WebMessagingAbuse Table of Contents Updated in this Version ......................................................................................................................................................... 1 Introduction ........................................................................................................................................................................... 1 Typical Attacks ...................................................................................................................................................................... 2 Monitoring and Alerting ....................................................................................................................................................... 2 Proactive Defense .................................................................................................................................................................. 3 UI Access ........................................................................................................................................................................................................... 3 Web Application Security ..............................................................................................................................................................................
    [Show full text]
  • Cross-Domain Communications
    CSE 361: Web Security Cross-domain Communication Nick Nikiforakis 2 A World Without Separation between Sites http://kittenpics.org https://gmail.com 3 The Same-Origin Policy for JavaScript • Most basic access control policy • controls how active content can access resources • Same-Origin Policy for JavaScript for three actions • Script access to other document in same browser • frames/iframes • (popup) windows • Script access to application-specific local state • cookies, Web Storage, or IndexedDB • Explicit HTTP requests to other hosts • XMLHttpRequest 4 The Same-Origin Policy for JavaScript • Only allows access if origins match Protocol Hostname Port • Origin defined by protocol, hostname, and port http://example.org:80/path/ Originating document Accessed document Non-IE Browser Internet Explorer http://example.org/a http://example.org/b http://example.org http://www.example.org http://example.org https://example.org http://example.org http://example.org:81 5 Domain Relaxation • Two sub-domains of a common parent domain want to communicate • Notably: can overwrite different port! • Browsers allow setting document.domain property • Can only be set to valid suffix including parent domain • test.example.org -> example.org ok • example.org -> org forbidden • When first introduced, relaxation of single sub-domain was sufficient • Nowadays: both (sub-)domains must explicitly set document.domain 6 Domain Relaxation http://sub.kittenpics.org http://kittenpics.org document.domain = "kittenpics.org" document.domain = "kittenpics.org" 7 Domain Relaxation http://sub.kittenpics.org http://kittenpics.org document.domain = "kittenpics.org" Cross-Origin Communication 9 Cross-origin communication • Subdomains of the same domain can use domain relaxation when they want to talk to one another.
    [Show full text]
  • HTML5 Favorite Twitter Searches App Browser-Based Mobile Apps with HTML5, CSS3, Javascript and Web Storage
    Androidfp_19.fm Page 1 Friday, May 18, 2012 10:32 AM 19 HTML5 Favorite Twitter Searches App Browser-Based Mobile Apps with HTML5, CSS3, JavaScript and Web Storage Objectives In this chapter you’ll: ■ Implement a web-based version of the Favorite Twitter Searches app from Chapter 5. ■ Use HTML5 and CSS3 to implement the interface of a web app. ■ Use JavaScript to implement the logic of a web app. ■ Use HTML5’s Web Storage APIs to store key-value pairs of data that persist between executions of a web app. ■ Use a CSS reset to remove all browser specific HTML- element formatting before styling an HTML document’s elements. ■ Save a shortcut for a web app to your device’s home screen so you can easily launch a web app. = DRAFT: © Copyright 1992–2012 by Deitel & Associates, Inc. All Rights Reserved. Androidfp_19.fm Page 2 Friday, May 18, 2012 10:32 AM 2 Chapter 19 HTML5 Favorite Twitter Searches App 19.1 Introduction 19.5 Building the App 19.2 Test-Driving the Favorite Twitter 19.5.1 HTML5 Document Searches App 19.5.2 CSS 19.5.3 JavaScript 19.3 Technologies Overview Outline 19.6 Wrap-Up 19.1 Introduction The Favorite Twitter Searches app from Chapter 5 allowed users to save their favorite Twit- ter search strings with easy-to-remember, user-chosen, short tag names. Users could then conveniently follow tweets on their favorite topics. In this chapter, we reimplement the Fa- vorite Twitter Searches app as a web app, using HTML5, CSS3 and JavaScript.
    [Show full text]
  • Seamless Offloading of Web App Computations from Mobile Device to Edge Clouds Via HTML5 Web Worker Migration
    Seamless Offloading of Web App Computations From Mobile Device to Edge Clouds via HTML5 Web Worker Migration Hyuk Jin Jeong Seoul National University SoCC 2019 Virtual Machine & Optimization Laboratory Department of Electrical and Computer Engineering Seoul National University Computation Offloading Mobile clients have limited hardware resources Require computation offloading to servers E.g., cloud gaming or cloud ML services for mobile Traditional cloud servers are located far from clients Suffer from high latency 60~70 ms (RTT from our lab to the closest Google Cloud DC) Latency<50 ms is preferred for time-critical games Cloud data center End device [Kjetil Raaen, NIK 2014] 2 Virtual Machine & Optimization Laboratory Edge Cloud Edge servers are located at the edge of the network Provide ultra low (~a few ms) latency Central Clouds Mobile WiFi APs Small cells Edge Device Cloud Clouds What if a user moves? 3 Virtual Machine & Optimization Laboratory A Major Issue: User Mobility How to seamlessly provide a service when a user moves to a different server? Resume the service at the new server What if execution state (e.g., game data) remains on the previous server? This is a challenging problem Edge computing community has struggled to solve it • VM Handoff [Ha et al. SEC’ 17], Container Migration [Lele Ma et al. SEC’ 17], Serverless Edge Computing [Claudio Cicconetti et al. PerCom’ 19] We propose a new approach for web apps based on app migration techniques 4 Virtual Machine & Optimization Laboratory Outline Motivation Proposed system WebAssembly
    [Show full text]
  • Copyrighted Material
    05_096970 ch01.qxp 4/20/07 11:27 PM Page 3 1 Introducing Cascading Style Sheets Cascading style sheets is a language intended to simplify website design and development. Put simply, CSS handles the look and feel of a web page. With CSS, you can control the color of text, the style of fonts, the spacing between paragraphs, how columns are sized and laid out, what back- ground images or colors are used, as well as a variety of other visual effects. CSS was created in language that is easy to learn and understand, but it provides powerful control over the presentation of a document. Most commonly, CSS is combined with the markup languages HTML or XHTML. These markup languages contain the actual text you see in a web page — the hyperlinks, paragraphs, headings, lists, and tables — and are the glue of a web docu- ment. They contain the web page’s data, as well as the CSS document that contains information about what the web page should look like, and JavaScript, which is another language that pro- vides dynamic and interactive functionality. HTML and XHTML are very similar languages. In fact, for the majority of documents today, they are pretty much identical, although XHTML has some strict requirements about the type of syntax used. I discuss the differences between these two languages in detail in Chapter 2, and I also pro- vide a few simple examples of what each language looks like and how CSS comes together with the language to create a web page. In this chapter, however, I discuss the following: ❑ The W3C, an organization that plans and makes recommendations for how the web should functionCOPYRIGHTED and evolve MATERIAL ❑ How Internet documents work, where they come from, and how the browser displays them ❑ An abridged history of the Internet ❑ Why CSS was a desperately needed solution ❑ The advantages of using CSS 05_096970 ch01.qxp 4/20/07 11:27 PM Page 4 Part I: The Basics The next section takes a look at the independent organization that makes recommendations about how CSS, as well as a variety of other web-specific languages, should be used and implemented.
    [Show full text]
  • Qumu HTML5 Multicast Extension Deliver Video Across the Enterprise—With No Plugins Required
    DATASHEET Qumu HTML5 Multicast Extension Deliver video across the enterprise—with no plugins required What is it? The Qumu HTML5 Multicast Extension is a revolutionary solution to the problem introduced by modern browsers— delivering Multicast video behind the firewall, to users who no longer have browsers that support Microsoft Silverlight. The HTML5 Multicast Extension from Qumu provides a seamless way to play a Multicast live broadcast natively in newer versions of Google Chrome, Internet Explorer, Microsoft Edge and Firefox. How does it work? Deployed with Qumu’s on premise solution, enterprises simply install the extension on each desktop to allow employees to experience live streaming with Multicast on the browser of their choice. By working together with the Qumu VideoNet Edge that originates multicast throughout the corporate network, the HTML5 Multicast Extension provides a complete solution for delivering and rendering multicast video in corporate environment. What are the benefits? Organizations can leverage current infrastructure on the Network and WAN to support multicast in modern browsers The extension supports HTML5 with no additional requirements for Windows Media, Flash, or Silverlight The Qumu HTML5 Multicast Extension delivers high-quality video to the entire organization with minimal network impact Qumu on premise platform customers can expand their video delivery footprint to thousands of users—quickly and cost effectively The extension can be deployed and managed via a software- only solution, 100% behind the firewall. Playlist failover from RTP Multicast to RTSP Unicast is supported, and so are in-band slides and events What are the technical details? Client Support: Formats Supported: · Windows 7, 8.1 and 10 · IE11 (Win10) Live – RTP Multicast, RTSP Unicast · Google Chrome · Microsoft Edge · Firefox Want to Know More? Contact Us.
    [Show full text]
  • HTML5 Indexeddb
    HHTTMMLL55 -- IINNDDEEXXEEDDDDBB http://www.tutorialspoint.com/html5/html5_indexeddb.htm Copyright © tutorialspoint.com The indexeddb is a new HTML5 concept to store the data inside user's browser. indexeddb is more power than local storage and useful for applications that requires to store large amount of the data. These applications can run more efficiency and load faster. Why to use indexeddb? The W3C has announced that the Web SQL database is a deprecated local storage specification so web developer should not use this technology any more. indexeddb is an alternative for web SQL data base and more effective than older technologies. Features it stores key-pair values it is not a relational database IndexedDB API is mostly asynchronous it is not a structured query language it has supported to access the data from same domain IndexedDB Before enter into an indexeddb, we need to add some prefixes of implementation as shown below window.indexedDB = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB; window.IDBTransaction = window.IDBTransaction || window.webkitIDBTransaction || window.msIDBTransaction; window.IDBKeyRange = window.IDBKeyRange || window.webkitIDBKeyRange || window.msIDBKeyRange if (!window.indexedDB) { window.alert("Your browser doesn't support a stable version of IndexedDB.") } Open an IndexedDB database Before creating a database, we have to prepare some data for the data base.let's start with company employee details. const employeeData = [ { id: "01", name: "Gopal K Varma", age: 35,
    [Show full text]
  • Coding Your First HTML5 Game
    Coding Your First HTML5 Game Randy Hoyt @randyhoyt randyhoyt.com/launchgame @randyhoyt Overview • Code • HTML5 • Games @randyhoyt Overview • Games • HTML5 • Code @randyhoyt Games Games • Games are fun I love games! @randyhoyt A Theory of Fun (2004), by Ralph Koster Games • Games are fun • Games are everywhere I love games! @randyhoyt Homo Ludens (1938), by Johan Huizinga Games • Games are fun • Games are everywhere • Games exercise the brain I love games! @randyhoyt Play engages the prefrontal cortex, responsible for your highest-level cognitive functions – including self- knowledge, memory, mental imagery, and incentive and reward processing. Brain Workout, Life Optimizer, http://trhou.se/WHkaR7 Brain Workout, Life Optimizer, http://trhou.se/WHkaR7 Games • Games are fun • Games are everywhere • Games exercise the brain • Games are practice for the real world I love games! @randyhoyt 7 TED Talks on Gaming, http://trhou.se/gamesTED Games And Me @randyhoyt HTML5 Buzzword Alert! HTML5 and Related Technologies • Canvas @randyhoyt HTML5 and Related Technologies • Canvas • WebGL http://trhou.se/whyWebGL @randyhoyt HTML5 and Related Technologies • Canvas • WebGL http://trhou.se/whyWebGL • WebSocket http://trhou.se/introwebsockets @randyhoyt HTML5 and Related Technologies • Canvas • WebGL http://trhou.se/whyWebGL • WebSocket http://trhou.se/introwebsockets • SVG @randyhoyt HTML5 Games It’s official: with HTML5 today the browser has become a full- fledged gaming platform. HTML5 Gaming, http://html5rocks.com/gaming Behind the Scenes, http://www.cuttherope.ie/dev/
    [Show full text]
  • Document Object Model
    Document Object Model CITS3403: Agile Web Development Semester 1, 2021 Introduction • We’ve seen JavaScript core – provides a general scripting language – but why is it so useful for the web? • Client-side JavaScript adds collection of objects, methods and properties that allow scripts to interact with HTML documents dynamic documents client-side programming • This is done by bindings to the Document Object Model (DOM) – “The Document Object Model is a platform- and language-neutral interface that will allow programs and scripts to dynamically access and update the content, structure and style of documents.” – “The document can be further processed and the results of that processing can be incorporated back into the presented page.” • DOM specifications describe an abstract model of a document – API between HTML document and program – Interfaces describe methods and properties – Different languages will bind the interfaces to specific implementations – Data are represented as properties and operations as methods • https://www.w3schools.com/js/js_htmldom.asp The DOM Tree • DOM API describes a tree structure – reflects the hierarchy in the XTML document – example... <html xmlns = "http://www.w3.org/1999/xhtml"> <head> <title> A simple document </title> </head> <body> <table> <tr> <th>Breakfast</th> <td>0</td> <td>1</td> </tr> <tr> <th>Lunch</th> <td>1</td> <td>0</td> </tr> </table> </body> </html> Execution Environment • The DOM tree also includes nodes for the execution environment in a browser • Window object represents the window displaying a document – All properties are visible to all scripts – Global variables are properties of the Window object • Document object represents the HTML document displayed – Accessed through document property of Window – Property arrays for forms, links, images, anchors, … • The Browser Object Model is sometimes used to refer to bindings to the browser, not specific to the current page (document) being rendered.
    [Show full text]
  • Chapter 10 Document Object Model and Dynamic HTML
    Chapter 10 Document Object Model and Dynamic HTML The term Dynamic HTML, often abbreviated as DHTML, refers to the technique of making Web pages dynamic by client-side scripting to manipulate the document content and presen- tation. Web pages can be made more lively, dynamic, or interactive by DHTML techniques. With DHTML you can prescribe actions triggered by browser events to make the page more lively and responsive. Such actions may alter the content and appearance of any parts of the page. The changes are fast and e±cient because they are made by the browser without having to network with any servers. Typically the client-side scripting is written in Javascript which is being standardized. Chapter 9 already introduced Javascript and basic techniques for making Web pages dynamic. Contrary to what the name may suggest, DHTML is not a markup language or a software tool. It is a technique to make dynamic Web pages via client-side programming. In the past, DHTML relies on browser/vendor speci¯c features to work. Making such pages work for all browsers requires much e®ort, testing, and unnecessarily long programs. Standardization e®orts at W3C and elsewhere are making it possible to write standard- based DHTML that work for all compliant browsers. Standard-based DHTML involves three aspects: 447 448 CHAPTER 10. DOCUMENT OBJECT MODEL AND DYNAMIC HTML Figure 10.1: DOM Compliant Browser Browser Javascript DOM API XHTML Document 1. Javascript|for cross-browser scripting (Chapter 9) 2. Cascading Style Sheets (CSS)|for style and presentation control (Chapter 6) 3. Document Object Model (DOM)|for a uniform programming interface to access and manipulate the Web page as a document When these three aspects are combined, you get the ability to program changes in Web pages in reaction to user or browser generated events, and therefore to make HTML pages more dynamic.
    [Show full text]
  • Learning HTML5 Game Programming Addison-Wesley Learning Series
    Learning HTML5 Game Programming Addison-Wesley Learning Series Visit informit.com/learningseries for a complete list of available publications. The Addison-Wesley Learning Series is a collection of hands-on programming guides that help you quickly learn a new technology or language so you can apply what you’ve learned right away. Each title comes with sample code for the application or applications built in the text. This code is fully annotated and can be reused in your own projects with no strings attached. Many chapters end with a series of exercises to encourage you to reexamine what you have just learned, and to tweak or adjust the code as a way of learning. Titles in this series take a simple approach: they get you going right away and leave you with the ability to walk off and build your own application and apply the language or technology to whatever you are working on. Learning HTML5 Game Programming A Hands-on Guide to Building Online Games Using Canvas, SVG, and WebGL James L. Williams Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Cape Town • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products Associate are claimed as trademarks. Where those designations appear in this book, and the publish- Publisher er was aware of a trademark claim, the designations have been printed with initial capital Mark Taub letters or in all capitals. Senior Acquisitions The author and publisher have taken care in the preparation of this book, but make no Editor expressed or implied warranty of any kind and assume no responsibility for errors or omis- Trina MacDonald sions.
    [Show full text]
  • How-To Guide: Copy and Adjust Skins (SAP CRM 7.0).Pdf
    How-to Guide: Copy and Adjust Skins ® SAP CRM 7.0 Target Audience System administrators Technology consultants Document version: 1.1 – December 2008 SAP AG Dietmar-Hopp-Allee 16 69190 Walldorf Germany T +49/18 05/34 34 24 F +49/18 05/34 34 20 www.sap.com © Copyright 2007 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their Some software products marketed by SAP AG and its distributors respective logos are trademarks or registered trademarks of SAP AG contain proprietary software components of other software vendors. in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their Microsoft, Windows, Outlook, and PowerPoint are registered respective companies. Data contained in this document serves trademarks of Microsoft Corporation. informational purposes only. National product specifications may vary. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, These materials are subject to change without notice. These materials xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, are provided by SAP AG and its affiliated companies ("SAP Group") Tivoli, Informix, i5/OS, POWER, POWER5, OpenPower and for informational purposes only, without representation or warranty of PowerPC are trademarks or registered trademarks of IBM Corporation.
    [Show full text]