Web Sites with Gecko Outline


Mozilla Technology Introduction

NTU CSIE and csie.org
Mozilla Localization: Traditional Chinese
Hung-Te Lin 林弘德
icos'03

Outline: Mozilla Technology Introduction

- Part A: Web sites with Gecko
  - For Web Authoring
  - Req.: HTML/CSS/JavaScript
- Part B: Extending Mozilla: XUL-World!
  - For Mozilla extensions developer
  - Req.: XML*/JavaScript
- Part C: Hack the source
  - For source level programmers
  - Req.: Programming common sense

Part A: Web sites with Gecko

For Web Authoring
Req.: HTML/CSS/JavaScript

Outline

- Websites INCOMPATIBLE!
  - Presentational Error
  - Functional Error
  - Misc Error
- Writing Good Pages

Pages INCOMPATIBLE!!!!!

- Presentational Error
  - CSS rendering
- Functional Error
  - JavaScript error
- Misc Error
  - Content-Type Error

Presentational Error: Plugins

- Plugin presentational error
  - Flash not transparent: no solution until Macromedia fixes it
  - Java cannot display ODBC like Chinese: incorrect version, or many other reasons
  - ActiveX Controls: currently not available
  - Windows Media not playing: must follow Mozilla's embed rule

Presentational Error: HTML Tags

- IE-specific tags like <marquee>
  - Solved by XUL+XBL, emulation
- XML/MathML not correct?
  - Maybe DTD not found
  - MathML requires correct Content Type

Presentational Error: CSS!!

- CSS is the most common error recently.
- IE does not support full CSS2
- IE's ActiveX and filter: are not supported
  - IE Alpha filter: filter:alpha(opacity=75);
  - Mozilla way: -moz-opacity:0.75;
- DIV layout box model error
  - No solution
- IE has some CSS errors
  - Some hacks can prevent this

Functional Error

- VB Script?
  - No solution
- JavaScript Error?
  - Mostly only a small piece of code needs to be modified
  - Fix it if you can access the page, or ask the site maintainer to do so.
  - Or, save the page and change it locally

Functional Error: Common JavaScript Error

- Use the "JavaScript Console" to see if any error occurs; clicking an error will bring you to its location in the source.
- The most common error is "Cannot find object: XXXX", which is due to IE's syntax.
- We DO have innerHTML, but you must get the object first.
- Mozilla has no 'all' attribute
  - You may use all other ways to find elements; actually even document.NAME is better. See also: document.getElementById, document.getElementsByTagName.
- There is no "children". We have childNodes.
- Cannot submit forms
  - IE can sometimes just use an object's name to access it. Mozilla is more restricted: only forms can use this format, for compatibility with old pages.

Functional Error: JavaScript Error -- Sample

- http://www.kingstone.com.tw/: the search is not functional.
- JS Console says "input_form is not defined", line 122. Click to view:

      document.search_form.p19.value = "";
      // alert text: "Please enter at least one search condition!"
      if (input_form.p.value=="") { alert("請至少輸入一個查詢條件!") }

  - Submit is O.K. now, but this page has more bugs

      // ------ Check and fixup incoming data block
      if(!document.body.children.incoming.children.properties) { document.all.incoming.innerHTML = "<DIV" …..}

  - You cannot repeat ID.

      <DIV id="1"> <div id="summary"> …. </div> </div>
      <DIV id="2"> <div id="summary"> …

  - ……

Misc Error: Content-Type

- Mozilla trusts the HTTP header "Content-Type", while IE relies on content preload.
- Situation: downloaded some file and Mozilla treated it as text/plain
- Solution:
  - Update remote magic
  - Use .htaccess

        AddType application/x-msdos-program .xpi

- I want to view in text/plain?
  - Will be solved in future
  - Currently: about:config and change network.http.accept.default

        text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1

The Standards

- What JavaScript can we use in Gecko?
  - ECMA262-Edition 3
  - DOM
  - Netscape JavaScript
- http://www.xulplanet.com/references/elemref/

Writing Good Pages

- Use CSS, because you can avoid some useless HTML tables, JavaScript and images.
- Try to make your page available to Gecko, IE, and text-based browsers like lynx
- You may choose the best presentation target, like Gecko and IE
- JavaScript should run on most browsers

Q & A

- Websites INCOMPATIBLE!
  - Presentational Error
  - Functional Error
  - Misc Error
- Writing Good Pages

Part B: Extending Mozilla: XUL-World!

For Mozilla extensions developer
Req.: XML*/JavaScript

Outline

- XULPlanet
- XUL: XML, JavaScript, XBL, XPCOM
  - Writing XUL Programs
  - Mozilla packages and Layout
- userChrome and userContent
- XPInstall, Localization, Themes
- Sidebar and Sherlock

XULPlanet

- XULPlanet: http://www.xulplanet.com/
- A good tutorial and source for XUL

XUL: XML and JavaScript

- XUL: pronounced as "zool", like "cool"
- XML User-interface Language
- Case sensitive
- Usually split into:
  - XML/RDF for layout and elements
  - CSS for style
  - Entity like Locale Resource
  - Scripts (currently mostly JavaScript)
  - Additional images

XUL: Packaging

- Chrome: UI elements in application
  - Content: Windows and Scripts
  - Skin: Style sheets, images
  - Locale: Locale and resource
  - chrome://<component>/content/<file.xul>
    chrome://dom/content/dom.xul
- Content Area: request document

XUL: Manifest

- To specify package location
- Sample:

      <?xml version="1.0"?>
      <RDF:RDF
          xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
          xmlns:chrome="http://www.mozilla.org/rdf/chrome#">
        <RDF:Seq about="urn:mozilla:package:root">
          <RDF:li resource="urn:mozilla:package:findfile"/>
        </RDF:Seq>
        <RDF:Description about="urn:mozilla:package:findfile"
            chrome:displayName="Find Files"
            chrome:author="Whoever"
            chrome:name="findfile">
        </RDF:Description>
      </RDF:RDF>

- Chrome directory: "installed-chrome.txt"
  - content,install,path,/main/calculator/
  - resource:// refers to the directory where Mozilla is installed

XUL: XUL for a simple window

      <?xml version="1.0"?>
      <?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
      <window id="findfile-window" title="Find Files" orient="horizontal"
          xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
        <button label="Normal"/>
        <button label="Disabled" disabled="true"/>
        <button label="Default" default="true"/>
      </window>

Invocation:

1. Just browse this XUL file and it will be shown.
2. If you want to specify the size, use JavaScript and assign it:

       window.open("chrome://navigator/content/navigator.xul",
                   "bmarks", "chrome,width=600,height=300");

3. Run mozilla -chrome chrome://…..

XUL: Menus

      <toolbox flex="1">
        <menubar id="sample-menubar">
          <menu id="file-menu" label="File">
            <menupopup id="file-popup">
              <menuitem label="New"/>
              <menuitem label="Open"/>
              <menuitem label="Save"/>
              <menuseparator/>
              <menuitem label="Exit"/>
            </menupopup>
          </menu>
          <menu id="edit-menu" label="Edit">
            <menupopup id="edit-popup">
              <menuitem label="Undo"/>
              <menuitem label="Redo"/>
            </menupopup>
          </menu>
        </menubar>
      </toolbox>

XUL: Add Events! (DOM2)

      <script src="blah.js"/>
      <menuitem label="New" accesskey="n"
          oncommand="alert('What\'s new?');"/>
      ...
      <button id="cancel-button" label="Cancel"
          oncommand="window.close();"/>

XUL: XBL, eXtensible Bindings Language

- Declaring behavior of XUL widgets.
- Limitation of XUL:
  - You can't change how elements work
- Sample: define a new 'box' with 3 buttons

      <?xml version="1.0"?>
      <bindings xmlns="http://www.mozilla.org/xbl">
        <binding id="binding1">
          <!-- content, property, method and event descriptions go here -->
        </binding>
      </bindings>

      scrollbar {
        -moz-binding: url('chrome://findfile/content/findfile.xml#binding1');
      }

XUL: Style it

- HTML styles
  - <html:table>, <html:br>, ……
- CSS Styling
  - <?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
  - Use HTML 'class=', 'id=' and other style rules to style your user interface

XUL/XBL: Making OO widgets!

- Attribute Inheritance
- XBL Bindings:
  - Content
    Appearance of widget
  - Property/Field
    Field: Generated variables like random
    Property: Get/Set
  - Method and event descriptions
    Action of some event

XPCOM: Cross-Platform Component Object Model

- Limits of XUL JavaScript:
  - You cannot access low level APIs
- Solution:
  - Write native code to do low level API
  - Provide an interface for JavaScript to call
  - Like most OO Models with interface/implementation
- Using: (ActiveX way)
  - Get a component
  - Get the part that implements the interface you want
  - Call the function

      // Get a component instance by its contract ID.
      var aFile = Components.classes["@mozilla.org/file/local;1"].createInstance();
      if (!aFile) return false;
      // Ask the instance for the interface to call through.
      var aLocalFile = aFile.QueryInterface(Components.interfaces.nsILocalFile);
      if (!aLocalFile) return false;

Mozilla Themes (Skins) and Locales

- Change chrome files!
- Change Skin/Locale: switch specified package in manifest file.
- Locales: UTF8 defined in DTD files
  - Use: <button label="&findLabel;"/>
  - Declare: <!ENTITY findLabel "Find">
- DTD for XUL, and properties for scripts
  - In XUL: <stringbundle id="strings" src="strings.properties"/>
  - In script: var strbundle=document.getElementById("strings");
  - In Prop: notFoundAlert=Not found!

Why're Mozilla themes so hard?

- More flexible than others
- Harder than others
  - Most themes only change the toolbar
- You have to style all CSS
- All of these apply to langpacks
- Theme errors may lead to unavailability, while langpack errors lead to crashes

XPInstall

- Cross Platform Installation
- Package your work, make an install.js, then name it ".xpi"
- Many ways to install it, like
  - JavaScript:

        var xpi = {};
        xpi[caption] = url;
        InstallTrigger.install(xpi);

Mozilla Package and Layout

- mozilla/bin/
  - chrome/ the chrome (XUL)
    en-US.jar, en-win/mac/unix.jar, US.jar: locale
    comm.jar, messenger.jar: content
    modern.jar, classic.jar: skin
    Installed-chrome.txt text index
    chrome.rdf: registered chrome
  - components/ XPCOM native
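
The IE-only idioms that Part A lists (document.all, "children", the IE alpha filter, a repeated ID, and a form referenced by its bare name as in the "input_form is not defined" sample) can be flagged mechanically before a page is tried in Gecko. The scanner below is an added example, not code from the original slides; the rule names, function names and the sample page are constructed for illustration, and it assumes regular-expression matching rather than a real HTML/JavaScript parser.

```javascript
'use strict';

// IE-only idioms named on the slides, each paired with the replacement the
// slides recommend. Regex matching is an approximation (assumption: no real
// parser), which is enough for a first triage pass over a page.
const RULES = [
  { id: 'document-all', re: /\bdocument\.all\b/g,
    fix: () => 'look the element up with document.getElementById()' },
  { id: 'children', re: /\.children\b/g,
    fix: () => 'use childNodes' },
  { id: 'alpha-filter', re: /filter\s*:\s*alpha\(\s*opacity\s*=\s*(\d+)\s*\)/gi,
    fix: (m) => `add -moz-opacity:${Number(m[1]) / 100};` },
];

// 1-based line number of a character offset.
function lineOf(text, index) {
  return text.slice(0, index).split('\n').length;
}

function scanPage(html) {
  const findings = [];
  const add = (rule, index, match, fix) =>
    findings.push({ rule, line: lineOf(html, index), match, fix });

  for (const rule of RULES) {
    for (const m of html.matchAll(rule.re)) {
      add(rule.id, m.index, m[0], rule.fix(m));
    }
  }

  // "You cannot repeat ID": report the second and later uses of an id value.
  const seen = new Set();
  for (const m of html.matchAll(/\bid\s*=\s*["']([^"']+)["']/gi)) {
    if (seen.has(m[1])) {
      add('duplicate-id', m.index, m[1], 'give each element a unique id');
    }
    seen.add(m[1]);
  }

  // "input_form is not defined": a form used by its bare name. A preceding
  // "." (as in document.search_form) or identifier character means the name
  // is already qualified or is part of a longer identifier.
  for (const f of html.matchAll(/<form\b[^>]*\bname\s*=\s*["'](\w+)["']/gi)) {
    const bare = new RegExp(`(?<![.\\w$])${f[1]}\\s*\\.`, 'g');
    for (const m of html.matchAll(bare)) {
      add('bare-form-name', m.index, f[1], `write document.${f[1]}`);
    }
  }

  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample page that combines the problems shown on the slides.
const SAMPLE = [
  '<html><body>',
  '<form name="search_form"><input name="p19"></form>',
  '<form name="input_form"><input name="p"></form>',
  '<div id="incoming" style="filter:alpha(opacity=75);"></div>',
  '<div id="1"><div id="summary"></div></div>',
  '<div id="2"><div id="summary"></div></div>',
  '<script>',
  'document.search_form.p19.value = "";',
  'if (input_form.p.value == "") { alert("empty"); }',
  'if (!document.body.children.incoming) {',
  '  document.all.incoming.innerHTML = "<div></div>";',
  '}',
  '</script>',
  '</body></html>',
].join('\n');

for (const f of scanPage(SAMPLE)) {
  console.log(`line ${f.line}: ${f.rule} (${f.match}) -> ${f.fix}`);
}
```
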