2.5 Page protection tips
Protecting non-image files
Although CopySafe Web was designed to protect images by encrypting
them and displaying them in our security applet, with careful
coding CopySafe Web Insert can be used to protect almost all content
that can be displayed on a web page.
Protecting normal pages within a frameset
A frameset is a page arrangement that enables several pages to be
displayed in the same browser window. By using a small CopySafe Web
applet within the static page (such as the header or menu page for
the frameset) you can protect all other normal pages opening in that
frameset. To use frameset protection please observe the following:
- Firstly, disabling any of the security functions with
the csi options is NOT recommended with frameset use at
all.
- Each page belonging to the frameset needs to be protected
from opening outside the frameset by using a JavaScript.
Add the insert tag to your page header tags and then add
the following line to the body tag where the page link is
that of the frameset itself: onLoad="tmt_backtoframe('index.html')"
- All links given from the frameset pages must be targeted
to the respective frame names.
- All links given for pages outside the frameset must use
target=_top.
|
Protecting from direct linking (referrer method)
Allowing visitors to bookmark your protected pages and return by using
a direct link (and not from a link within your web site) is not recommended.
There are many ways to ensure that this doesn't happen depending on
the script format supported by your web site. For example if using
FrontPage, which supports ASP, you could use the following code:
Dim strCheckReferrer
strCheckReferrer = Request.ServerVariables("HTTP_REFERER")
If strCheckReferrer <> "" then
Response.write""
Else
Response.redirect"/protected_index.asp"
End if
Above is the ASP is checking for a referrer. If they are using a bookmark
there will be no referrer and they will be redirected to your index
page. If you want to further protect to ensure that they are not following
a link from a forum or another page outside of your web site you could
use the following code:
Dim strCheckReferrer
strCheckReferrer = Request.ServerVariables("HTTP_REFERER")
If strCheckReferrer <> "" then
dim AA, BB
AA = Lcase(strCheckReferrer)
BB = "mysite.com"
if InStr(1,AA,BB,0)>0 then
Response.Write""
else
Response.redirect"/protected_index.asp"
end if
end if
The script above is checking that the referrer is your web site ensuring
that they have accessed the protected page from a link from within
your web site. For this to work properly the referrer has already
been converted to lower case, so what you write in as your site for
BB should be lower case also. Note that the FrontPage web page must
be named as an ASP page, for example "exhibit_1.asp"
Protecting from direct linking (session method)
You can also protect direct linking by checking for a session ID (no
cookie required). Then on the protected page, check their current
session ID against the one used in the link. If they don't match then
that means that the link came in from a bookmark or a direct link
posted on a forum. If you don't want to allow direct links you can
then redirect to the index or an error page. On the top of the protected
page you can use ASP like:
Dim mySessionID, mySessionCheck
mySessionID = Session.SessionID
mySessionCheck = request("t")
if mySessionCheck <> mySessionID then
response.redirect"index.asp?err=direct"
end if
The err can be loaded as a request field and scripted with a custom
message. On your index page you can then use links like:
<a href="page.asp?t=<%= mySessionID %>"> LINK</a>
|
|