Re: Iframes in website



hellkyng@xxxxxxxxx wrote:
I am considering using iframes in one of my websites. From researching security issues it seems like the biggest risk they present is when you browse to untrusted sites using iframes.

Am I correct in thinking that there is very little if any additional risk cause by using iframes on my site?

Any iframe related vulnerabilities or other concerns I should be aware of?

Thanks as always for the replys!
Mike

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
----------------------------------------------------------------------
Since you are using iframes to navigate portions of your own site, it will ordinarily not pose a threat, but there might be possible users that have blocked iframes in their browsers. Does the browser show any warnings if a page containing iframes is being loaded? If so, that might be a cause of concern for users as well, even if everything on the site is legitimate and risk-free.

Any particular reason for using iframes in your site? We had used iframes to build an intranet site in my college, where we were using JSP/Servlets. However as we got more comfortable with JSP/Servlets, we ended up replacing all iframes with JSP code.

See if you can work around the problem.
Cheers
Ameya R.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------