browser cipher strength and browser back button disabling

browser cipher strength and browser back button disabling

Post by Paul Barbe » Sat, 07 Apr 2001 00:28:33



Help!!

All Browsers

I need a way to be able to determine the cipher strength of browsers link to
my site. Also does anyone know how to disable the Back button within the
browser to stop people going to the previous page?, or a way to make the
page expire as the user leaves the page. Have any of you Apache / Tomcat
experts got a way of stopping the user going back to the previous page ?.

 
 
 

browser cipher strength and browser back button disabling

Post by Jon Thackr » Sat, 07 Apr 2001 01:26:44


Quote:> I need a way to be able to determine the cipher strength of browsers link to
> my site.

Look in the environment for HTTPS_KEYSIZE.

Quote:> Also does anyone know how to disable the Back button within the
> browser to stop people going to the previous page?, or a way to make the
> page expire as the user leaves the page. Have any of you Apache / Tomcat
> experts got a way of stopping the user going back to the previous page ?.

You can't reliably do this.

Cheers,
Jon.

--
Jonathan Thackray         Zeus House, Cowley Road, Cambridge CB4 OZT, UK
Software Engineer                   +44 1223 525000, fax +44 1223 525100
Zeus Technology                                         http://zeus.com/

 
 
 

browser cipher strength and browser back button disabling

Post by Paul Rubi » Sat, 07 Apr 2001 02:45:40



> I need a way to be able to determine the cipher strength of browsers link to
> my site. Also does anyone know how to disable the Back button within the
> browser to stop people going to the previous page?, or a way to make the
> page expire as the user leaves the page. Have any of you Apache / Tomcat
> experts got a way of stopping the user going back to the previous page ?.

There's usually a cgi environment variable (its name varies depending
on the server) that tells you the cipher strength.

There are various ways of defeating the "back" button but that's
obnoxious to the user.  I'm certainly not going to encourage it.

You can defeat caching HTTP pages setting pragma: nocache and ALSO
putting an expiration date in the past and maybe 1 or 2 other things.
Read the HTTP spec and set ALL the headers that can possibly turn off
caching.  Some browsers are very aggressive about caching and you have
to be very persistent to make them stop.  However, when the page is
sent by HTTPS, the browser normally won't cache it, since it would be
bad to leave secret data on the HD for other people to find.  If
that's what you're worried about, it's generally taken care of.

 
 
 

browser cipher strength and browser back button disabling

Post by Jerry Peter » Sat, 07 Apr 2001 07:36:04



Quote:> Help!!
> All Browsers
> I need a way to be able to determine the cipher strength of browsers link to
> my site. Also does anyone know how to disable the Back button within the
> browser to stop people going to the previous page?, or a way to make the
> page expire as the user leaves the page. Have any of you Apache / Tomcat
> experts got a way of stopping the user going back to the previous page ?.

Why? I get royally pissed when a site disables my back button.
 
 
 

browser cipher strength and browser back button disabling

Post by John » Sun, 08 Apr 2001 06:56:29


I know the chap that's doing this and know why he's doing it, it's because a
customer wants to use and e-commerce solution in kiosk type things and
doesn't want different users to be able to go back to payments made by other
customers.

Know what you mean though, can't stand having things like that forced upon
me when using my own computer, but you can see the need for it here...

JB


> In comp.infosystems.www.browsers.x Paul Barber

> > Help!!

> > All Browsers

> > I need a way to be able to determine the cipher strength of browsers
link to
> > my site. Also does anyone know how to disable the Back button within the
> > browser to stop people going to the previous page?, or a way to make the
> > page expire as the user leaves the page. Have any of you Apache / Tomcat
> > experts got a way of stopping the user going back to the previous page
?.

> Why? I get royally pissed when a site disables my back button.

 
 
 

browser cipher strength and browser back button disabling

Post by Peter Flyn » Mon, 09 Apr 2001 08:33:02



> I know the chap that's doing this and know why he's doing it, it's because a
> customer wants to use and e-commerce solution in kiosk type things and
> doesn't want different users to be able to go back to payments made by other
> customers.

> Know what you mean though, can't stand having things like that forced upon
> me when using my own computer, but you can see the need for it here...

But you don't have to disable the BACK button to do this. All you
have to do is break the maintenance of state after the transaction
has been concluded. If a subsequent user tries to go BACK, all
they will get is the prior login or introductory page, not the
transaction.

///Peter

 
 
 

browser cipher strength and browser back button disabling

Post by John » Tue, 10 Apr 2001 01:06:49


Well you lost me there! ;-)

JB



> > I know the chap that's doing this and know why he's doing it, it's
because a
> > customer wants to use and e-commerce solution in kiosk type things and
> > doesn't want different users to be able to go back to payments made by
other
> > customers.

> > Know what you mean though, can't stand having things like that forced
upon
> > me when using my own computer, but you can see the need for it here...

> But you don't have to disable the BACK button to do this. All you
> have to do is break the maintenance of state after the transaction
> has been concluded. If a subsequent user tries to go BACK, all
> they will get is the prior login or introductory page, not the
> transaction.

> ///Peter

 
 
 

browser cipher strength and browser back button disabling

Post by Peter Flyn » Tue, 10 Apr 2001 01:21:40



> Well you lost me there! ;-)

At a crude level, if you set a META element for the HTTP header PRAGMA
to "no-cache" so that the page is forced to reload, AND your forms
always use POST not GET, AND your server-side script checks for
duplicate actions on identical data, AND you use an "on-" attribute
to detect when the user tries to move off or onto a page, then your
script can send a new login page instead of the one the user is
trying to load back.

///Peter

 
 
 

browser cipher strength and browser back button disabling

Post by John » Tue, 10 Apr 2001 07:30:13


Ah right, follw that explanaition, I'm more a server person than a scripter
/ programmer and to be honest I've only been in on the web server game for
about a year anyway, do you have any good sites where I could at this a bit
more in depth (aimed at JSP and Perl under apache / tomcat) as i'd be
interested in looking a bit more into this.

Cheers

John B


> > Well you lost me there! ;-)

> At a crude level, if you set a META element for the HTTP header PRAGMA
> to "no-cache" so that the page is forced to reload, AND your forms
> always use POST not GET, AND your server-side script checks for
> duplicate actions on identical data, AND you use an "on-" attribute
> to detect when the user tries to move off or onto a page, then your
> script can send a new login page instead of the one the user is
> trying to load back.

> ///Peter

 
 
 

browser cipher strength and browser back button disabling

Post by David Bake » Tue, 10 Apr 2001 14:06:32


testing..

> Help!!

> All Browsers

> I need a way to be able to determine the cipher strength of browsers link to
> my site. Also does anyone know how to disable the Back button within the
> browser to stop people going to the previous page?, or a way to make the
> page expire as the user leaves the page. Have any of you Apache / Tomcat
> experts got a way of stopping the user going back to the previous page ?.

 
 
 

browser cipher strength and browser back button disabling

Post by Paul Barbe » Wed, 11 Apr 2001 17:19:17


The reason for disabling the back button is because the site is used for
secure internet payments.

> In comp.infosystems.www.browsers.x Paul Barber

> > Help!!

> > All Browsers

> > I need a way to be able to determine the cipher strength of browsers
link to
> > my site. Also does anyone know how to disable the Back button within the
> > browser to stop people going to the previous page?, or a way to make the
> > page expire as the user leaves the page. Have any of you Apache / Tomcat
> > experts got a way of stopping the user going back to the previous page
?.

> Why? I get royally pissed when a site disables my back button.

 
 
 

browser cipher strength and browser back button disabling

Post by Paul Rubi » Thu, 12 Apr 2001 01:41:46



> The reason for disabling the back button is because the site is used for
> secure internet payments.

You're still confused--the issue isn't to keep someone from revisiting
a URL, but to keep the URL from re-sending the secure content when someone
visits it a second time.  Remember that people can always revisit the url
by finding it in their history list even if there's no "back" button.

You have to get this right in your server side application.  It has nothing
to do with the browser or the back button.

 
 
 

browser cipher strength and browser back button disabling

Post by Tor Arnts » Thu, 12 Apr 2001 03:49:24



>The reason for disabling the back button is because the site is used for
>secure internet payments.

Useless method (see other postings about that).  It won't help.
Besides, the 'go' menu in Netscape will get you there anyway.

Web pages that try to disable or control functionality in browsers
are generally considered fascist pages.  Not recommended, if you want
hits.

-Tor

 
 
 

1. Deducting browser cipher encryption

Hi,
I need to be able to determine whether users who hit my site have the
128 bit encryption patch installed on their Internet Explorer
4.x/Netscape Navigator4.x. I'm running Netscape Enterprise Web Server
3.6.3 on Solaris. I tired to deduct with Javascript but it is not
working for Internet Explorer.
If I want to access "HTTPS", "HTTPS_KEYSIZE", and
"HTTPS_SECRETKEYSIZE" from NES, How do I access through Java/CGI
programs?

The are some good features are available in NES 4.x, but I can't use
it because of the restriction at my client's place.

Any suggestions are Welcome.

Bala.

2. Integration with Netscape LDAP Directory Server

3. looking for open source object browser (besides "oo-browser")

4. programming man page

5. LINKS-Browser as Frontend for Automation, was: Embedded Linux Web Browsers

6. Slackware 3.0 install woes ... please help!

7. how to make linux browser looks like windows browser

8. Graphical IDE for Linux??

9. A Browser is a Browser

10. Client Cipher Strength (Help!)

11. apache cipher strength issues...

12. browser stop button semantics

13. CGI-BIN Perl Script Not Routed Back to Browser using Apache