Is there any way to prevent saving to local hard drives but still allowing patrons to save Web pages properly on Win98?
Win98 does not have MMC, so we cannot it to control the Save dialog. Both WinSelect (which we use) and PWB (which we will soon use to replace IE) have an option for restricted saving, but neither allow restricted saving while retaining the ablility of saving complete Web pages either as a "Web Page, complete (*.htm or *.html)" or "Web Archive, single file (*.mht)".
Basically without any restricted saving, even with the C: drive hidden, a patron can type "C:" in the File name field, click Save, enter the name of their file, and click save again to save the file to the C: drive. Also, if somhow a patron knew the name of the network server, they could enter "//nameofserver" instead of "C:" and be able to save their file on the server.
Please help! Thanks!
Blocking saving to C: but saving pages correctly on Win98
Moderators: Tyler, Scott, PWB v2 Moderator
Blocking saving to C: but saving pages correctly on Win98
Jason Weinstein
Application Support Technicain
Eugene Public Library
Eugene, OR
Application Support Technicain
Eugene Public Library
Eugene, OR
-
Philip - Long Beach NY
- Benefactor
- Posts: 82
- Joined: Fri Feb 28, 2003 2:30 pm
If you are using pwb 2.04 then use the URL .txt file located in the pwb folder. It should say in the file:
+all
-C:\
The +all allows access to all websites but if someone is sneaky and likes to type in the address bar the command file:///C:\ and hit enter, they will get access to the drive. Enabling the URL file will prevent this. Just make sure that you set CheckURLAccess to True under the [Security] section of the .INI file.
I've never had trouble with people saving html files to a floppy with the restricted save feature enabled. If they do a File -->Save As to save a webpage with the RestrictedSave enabled, and you have it set to save only to a floppy, it will prompt them for a disk. If they try to type "C:" in the filename field, the ''bad filename character'' error message pops up. I don't see how they would be able to save to the hard disk this way. If you are allowing them to save to the hard drive via the RestrictedSave, by putting in "C" in the directory field of the .INI then they will be able to save there.
I am using XP with registry tweaks from www.winguides.com, try them to see if any 98 tweaks will resolve securing the operating system.
Hope this helps,
Philip - Long Beach NY
+all
-C:\
The +all allows access to all websites but if someone is sneaky and likes to type in the address bar the command file:///C:\ and hit enter, they will get access to the drive. Enabling the URL file will prevent this. Just make sure that you set CheckURLAccess to True under the [Security] section of the .INI file.
I've never had trouble with people saving html files to a floppy with the restricted save feature enabled. If they do a File -->Save As to save a webpage with the RestrictedSave enabled, and you have it set to save only to a floppy, it will prompt them for a disk. If they try to type "C:" in the filename field, the ''bad filename character'' error message pops up. I don't see how they would be able to save to the hard disk this way. If you are allowing them to save to the hard drive via the RestrictedSave, by putting in "C" in the directory field of the .INI then they will be able to save there.
I am using XP with registry tweaks from www.winguides.com, try them to see if any 98 tweaks will resolve securing the operating system.
Hope this helps,
Philip - Long Beach NY
Complexity is the enemy of security
-- Steve Gibson
-- Steve Gibson