Thursday, 31 January 2013

HTML Page Examination


HTML Page Examination

HTML pages can be rewritten at the firewall so that no applet tags are
left in the HTML file. This will have the effect that the browser will
never ask for an applet to be fetched across the firewall. The pitfall
associated with this is that JavaScript can be used to build applet tags

on the fly. Although there is no applet tag in the HTML file, the
browser’s executing of JavaScript will cause it to be inserted at the time
the page is viewed.
Conclusion
There is no easy solution to make sure that executable content is
handled - and if necessary intercepted and discarded - in a secure
fashion. The pragmatic advice by most specialists for the moment
seems to be: turn it off. In other words, do not allow Java and ActiveX
applets to pass through the firewall by disabling them in the settings of
the Web browser and wherever it is possible to disallow them. Clearly,
this is just a temporary fix, which has to be examined considering the
future importance of distributed computing environments.

No comments:

Post a Comment