Re: Iframes in website

hellkyng@xxxxxxxxx wrote:
I am considering using iframes in one of my websites. From researching security issues it seems like the biggest risk they present is when you browse to untrusted sites using iframes.

Am I correct in thinking that there is very little if any additional risk cause by using iframes on my site?

Any iframe related vulnerabilities or other concerns I should be aware of?

Thanks as always for the replys!
Mike

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
----------------------------------------------------------------------
Since you are using iframes to navigate portions of your own site, it will ordinarily not pose a threat, but there might be possible users that have blocked iframes in their browsers. Does the browser show any warnings if a page containing iframes is being loaded? If so, that might be a cause of concern for users as well, even if everything on the site is legitimate and risk-free.

Any particular reason for using iframes in your site? We had used iframes to build an intranet site in my college, where we were using JSP/Servlets. However as we got more comfortable with JSP/Servlets, we ended up replacing all iframes with JSP code.

See if you can work around the problem.
Cheers
Ameya R.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Relevant Pages

  • Re: Help putting standard headers on all pages
    ... Not as bad as iframes. ... all "hi tech" seems to break at your ... browsers will handle it, but it does appear to be an alternative ...
    (comp.infosystems.www.authoring.html)
  • Re: Airdrie-Bathgate reopening website
    ... A very flaky and non-obvious menu that only works in some browsers - ... and ironically works best of all in a plain-text browser ... ... Iframes within iframes to really break the accessibility even further. ...
    (uk.net.web.authoring)
  • Re: Opera as goody goody?
    ... Well, you could do that, but it would not work on most browsers for now ... boilerplate text at the right place in the HTML of each page on a site, ... to bar my browsers from responding in any way to iFrames, ... turning visually to an inline separator - it corresponds to what ...
    (comp.infosystems.www.authoring.stylesheets)
  • Re: Setting innerHTML
    ... Eric Ryan Harrison wrote: ... that this is true and I've just been using browsers that don't have ... Should see beautiful iframes. ... scrolling being through the scrollbar on the main window. ...
    (comp.lang.javascript)
  • Re: Iframes in website
    ... Frame spoofing is considered an attack vector on frames and iframes. ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)