Netscape Security Button

Jeff Bobicki bobicki at amigo.net
Mon May 4 20:54:48 EDT 1998


Hi James and everybody !

There is no way to remove just that button. I did spend a great deal of
time with this issue and really saw it as no threat but you may have found
a hole I did not see. I thought this button was annoying but not a problem
for the following reasons:

1) The Librowse shortcut on the desktop "forces Java" to turn on regardless
of what the patron did during the previous session.

2) All of the relevent pages are "replaced from the secure area" at each
Librowse startup so the patron can not harm anything.

3) The "magic" pages that are used are stored in the "personal web server
root" which should be unavailable to the patron anyway.   

What / where is this MAC or NIC address (8 16bit hex code) you refer to ??
I will look into it and see what I can do. I may be able to "grey out" that
section making it unavailable for modification by the patron.

Best Regards,

Jeff Bobicki
Technical Consultant
Colorado Southwest Regional Library System

At 12:50 AM 5/3/98 -0400, James Cayz wrote:
>All,
>
>	(I've Cc'ed Jeff Bobicki, the author of LibBrowse, to this).
>
>	The Netscape Security Button is particularly insidious.  If you
>are using a product like LibBrowse, then Security / Java/Javascript allows
>the abusive patron to see and _delete_ two entries - one is the page that
>does some of the magic, and another, that looks like a MAC or NIC address
>(8 16bit hex code).  Deleting the former is not so bad.  Deleting the
>latter causes your browser to not accept any Java at all (or something
>similar), until you reload Netscape (and LibBrowse) all over again.  Not
>exactly the thing you want library staff to have to do often....
>
>	I must say, that between a combination of WinU 4, Netscape 4.03,
>LibBrowse, and some JavaScript, even I am getting happy about producing a
>"bullet-proof" Internet Access Station that meets all my requirements...
>(Don't ask, the list of requirements is far too long).
>
>	So, I guess the question still stands - any way to kill _just_ the
>button (not the whole bar), or make the file it affects unchangeable, even
>to Netscape?  CCK is not an option - as a State Agency, we can not agree
>to the Netscape licensing for this product, even though it is _free_...
>
>	Thanks in Advance.
>
>	James Cayz
>
>+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+
>[ James Cayz # cayz at lib.de.us # Del-AWARE homepage: http://www.lib.de.us   ]
>[ Network Processing Administrator #  302-739-4748 x130 # Fax 302-739-6948 ]
>[ Delaware Division of Libraries # 43 S. DuPont Hwy / Dover, DE 19901-7430 ]
>+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
>
>On Wed, 29 Apr 1998, Brian D. Jennison wrote:
>>Some patrons have been fooling around with the security button in our 
>>Netscape 4.03 browsers on our public Internet stations.  They like to set 
>>
>>(We have already explored removing the whole button bar but decided against 
>>it.  And we have yet to find a way to remove only specific buttons on that 
>>bar.  Does the CCK allow for that?)
>
>
----------------------------------------


More information about the Web4lib mailing list