
Plain text site version - any flaws?


4 replies to this topic

#1 webrat


Posted 19 October 2008 - 01:38 PM

Hey folks,


I'm currently building a kind of resource site for some groups I'm involved in. Alongside the main site I'm building a plain text version for good accessibility. I'm just wondering if this sparks any security issues that anyone knows of? Both versions are in separate folders and are reached from an entry page where you can decide which site to use. Ultimately things may be sold on the site, which is my main concern security-wise in the long term. Hope that makes sense!

Cheers



#2 groovicus


Posted 19 October 2008 - 04:11 PM

I am a little unclear on what you mean by a 'text only' website. Do you mean it is all of the web content, except in a .txt format, or do you mean that it is plain HTML with no eye-candy (like a printer friendly version)?

#3 webrat


Posted 20 October 2008 - 03:42 AM

Hey groovicus,

Basically I've taken the text from the original and stripped out graphics, complex formatting such as tables etc. and restyled it with a much simpler CSS stylesheet, which does make it more print friendly and maximises access for screenreaders. I'm sure there is a better way to do it, but at my level separating content from style is about as complex as it gets!

I just want to be reasonably sure that I'm not building in a major security issue by doing so - I have a couple of key concerns:

1. The form data aspects (comments, questions etc.) of both versions currently share the same ids and classes. I have not built the PHP aspects yet so this can be changed easily.

2. At some point both versions are likely to terminate at the same payment processing page(s). Does the fact that many elements share ids, classes and filenames 'upstream' of the payment processing fundamentally affect the security in some way?

I'm not looking for major detail at this stage as it's organised enough that I can change it all fairly easily if necessary. But if it's a case of 'You really don't want to do that'......

Cheers

#4 groovicus


Posted 20 October 2008 - 05:47 AM

I can't see that there would be any issues by having two versions of the website. Are you familiar with the "Model-View-Controller" design?

Successful use of the pattern isolates business logic from user interface considerations, resulting in an application where it is easier to modify either the visual appearance of the application or the underlying business rules without affecting the other.
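
As an added illustration of the separation quoted above (not code from this thread or from webrat's site): the full and plain-text versions as two views over one server-side validation routine, so the checks applied to a submitted form are the same whichever version it came from. All function names, field names and the sample input are hypothetical.

```php
<?php
// Added example: validate_comment, render_full, render_plain and
// handle_comment are hypothetical names, not from the thread.

// Model: the one place input rules live. It never looks at which view posted.
function validate_comment(array $post): array {
    $name = trim((string)($post['name'] ?? ''));
    $body = trim((string)($post['comment'] ?? ''));
    $errors = [];
    if ($name === '' || strlen($name) > 60) {
        $errors[] = 'Name is required (60 bytes max).';
    }
    if ($body === '' || strlen($body) > 2000) {
        $errors[] = 'Comment is required (2000 bytes max).';
    }
    return ['name' => $name, 'comment' => $body, 'errors' => $errors];
}

// Views: presentation only. Both escape on output; neither validates.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
function render_full(array $c): string {
    return '<div class="comment"><h3 class="author">' . e($c['name']) . '</h3>'
         . '<p class="body">' . nl2br(e($c['comment'])) . '</p></div>';
}
function render_plain(array $c): string {
    return '<p>' . e($c['name']) . ': ' . nl2br(e($c['comment'])) . '</p>';
}

// Controller: same checks for both sites. The view name only picks a
// template; anything other than 'plain' falls back to the full view.
function handle_comment(array $post, string $view): string {
    $c = validate_comment($post);
    if ($c['errors']) {
        return '<p>' . e(implode(' ', $c['errors'])) . '</p>';
    }
    return $view === 'plain' ? render_plain($c) : render_full($c);
}

// Constructed sample input: identical POST data arriving from either version.
$post = ['name' => 'Jo', 'comment' => '<script>alert(1)</script> hello'];
echo handle_comment($post, 'full'), "\n";   // markup is escaped in the full view
echo handle_comment($post, 'plain'), "\n";  // and in the plain view
echo handle_comment(['name' => '', 'comment' => 'x'], 'plain'), "\n"; // rejected
```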



#5 webrat


Posted 20 October 2008 - 06:38 AM

Hey groovicus,

Many thanks for that. Early on I mapped as much of the site as possible using Dia (a basic flowchart editor) and it shouldn't be too difficult to achieve a simplistic version of the model with a bit of thought. I've got some reference texts which didn't make a lot of sense until you raised the point, but deal with this very issue. :thumbsup:

Cheers

Jason



