View Source

For general issues related to PWB v2.

Moderators: Tyler, Scott, PWB v2 Moderator

Post Reply
Scott
Site Admin
Site Admin
Posts: 2539
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

View Source

Post by Scott »

From the Guest Book:
Subject FLAW
Comments
just wanted to let you guys know that i am at a library right now, with full acess to the HD, and all programs, thanks to you. The "View Source" option, in Public Web Browser v2 opens notepad. BIG MISTAKE. by doing so, i can select File > Open, then select any file and execute it using the shell menu. Thanks guys. Without you, I would never have gotten through the security.
This is a good point, if you are trying to prevent access to the hard drive you will want to remove the View Source from the menu. Or perhaps you should use Windows Policies to hide the hard drives. This same thing can be done from Adobe Acrobat as well.

--Scott

spragers
Benefactor
Benefactor
Posts: 153
Joined: Fri Dec 27, 2002 9:11 am
Contact:

Post by spragers »

I've never considered PWB to be a security program in and of itself - rather, a secure interface to the security nightmare that is Internet Explorer. We've used additional security programs here since I started (initially WinSelect, which I could not in good faith recommend to anyone), including Fortres, DriveShield, and a number of registry "hacks." All public computers are also filtered, and our system network has additional security measures in place - and we are by no means a very large system (30 libraries, 300,000 residents). I did hear a story about one of our smaller libraries where, several years ago, they had not yet password-protected the BIOS settings on their public computers, and one hooligan managed to essentially destroy them all, but I have yet to encounter anything like that here. I should probably give a lot of that credit to DriveShield, since I no longer have to worry about spyware leftovers. Even so, I wouldn't think of running a public access Internet computer here without PWB.

I wonder if the "script kiddie" who figured that out feels "special" now :roll:

chrism
Participant
Participant
Posts: 12
Joined: Sat Jan 04, 2003 5:34 pm
Location: Ketchum, Idaho USA
Contact:

Post by chrism »

We use group policies to restrict viewing and access to the hard drive and network from any application, including Notepad. They work quite well. Alternately, Notepad can be blacklisted with a policy object if desired.

Enabling View Source in PWB is a great troubleshooting tool for me--often, I can understand a patron's problems simply by looking at the source for a page (e.g., table/div widths coded as absolute pixels and causing flow problems).

Chris

Post Reply