W3C home > Mailing lists > Public > www-html@w3.org > June 1999

Re: avoid visitors viewing inside pages

From: <sgambhir@web.fairfax.com.au>
Date: Thu, 01 Jul 1999 10:26:23 +1000
Message-ID: <377AB5AF.231E41F8@web.fairfax.com.au>
To: Ankit Fadia <ankit@bol.net.in>
CC: Mukul Gandhi <mgandhi@mtcindia.com>, Nicolas Lesbats <nlesbats@etu.utc.fr>, www-html@w3.org
The one outlined below limits the user to one-depth access... ie.. you
can go to index, then
to another page, but when when you go to the third, the referer is no
longer index, although you
have come 'via' index so to speak! The use of cookies would probably be
easiest... a cookie
that lasts a 'session' and is set in the index file.. other files can
check if the cookie is set,
and if not, point them to index!

:-)



Ankit Fadia wrote:

> Hi!How about something like this?<script>function verify(){var
> dofdof=document.referrerif(dof.referrer
> !="index.htm"){location='index.htm'}}</script><body
> onload=verify()>Will it work?Or you  can even use ASP to first include
> a registration form which inputs the username,password into a Database
> created in Microsoft Access then make a FD Entry and then in the
> index.htm(This will have to become index.asp) you will have to use SQL
> to search for the UserName PAssword and then if they are found we will
> use either Vbscript or JavaScript to go the inside pages.This requires
> the server to have SQL and ASP support and preferably running Windows
> NT or Even Windows 95,98 with Personal Web Server Installed .I am not
> sure but I think IIS 4.0 is also required for this to happenI suggest
> this is not just the right way to do it and only CGI should be used
> .The JAVA suggestion is not bad too.But CGI is the only simple
> thing.What do you guys think?BYEAnkit FAdia
>
>      ----- Original Message -----
>      From:sgambhir@web.fairfax.com.au
>      To: Nicolas Lesbats
>      Cc: Nathan Zaetta ; Aditya Hermawan ; W3HTML
>      Sent: Wednesday, June 30, 1999 5:49 AM
>      Subject: Re: avoid visitors viewing inside pages
>       From my understanding of things... there is a potential
>      solutions to the problem.
>
>      Since you can run javascript functions in the 'parent'
>      frame... how about doing something
>      like (here some pseudo-code :-)
>
>         <script language="pseudo-code">
>           if ( NOT parent.returntrue() ) {
>           // the returntrue function could not be run from the
>      parent frame
>           // so this page was progably accessed directly
>           location = index.html
>         </script>
>
>      this will probably only work for framed sites where you
>      don't want people to access pages
>      that are not via the index file (which contains the
>      returntrue() function!).
>
>      For non-framed sites, you will probably have to do something
>      nifty with the referer field!
>
>      :-)
>
>
>
>      Nicolas Lesbats wrote:
>
>     > On Tue, 29 Jun 1999, Nathan Zaetta wrote:
>     >
>     > | > You can add to each page of the site a
>     > | >
>     > | >  <meta http-equiv="refresh" content="0,
>     > http://.....index.html">
>     > |
>     > | Um, this solution also means that nobody can ever get to
>     > any other page, as
>     > | they will always be redirected back to the index
>     >
>     > In fact, this is because it *is not* a solution ! Just a
>     > part of a
>     > potential one...
>     >
>     > I had a similar problem (which is not solved). My site was
>     > built around a
>     > index.html file, which was a frames structure. To
>     > simplify, a 'left' frame
>     > (for a general menu), and a 'main' frame (for contents).
>     >
>     > I had, for instance, an article.html file, which was
>     > accessable from the
>     > index.html frameset. But it was too able to open it
>     > directly from a search
>     > engine.
>     >
>     > What I wanted to do yet was to 'reincorporate' (directly
>     > translated from
>     > french, I've some doubts about it) = 'integrate' =
>     > 'introduce' this file
>     > _in_ the index.html frameset.
>     >
>     > Let's take a possible processing, which will be clearer I
>     > hope.
>     >
>     >  * The user opens the article.html file, out of any
>     > frameset. An
>     > instruction in the article.html file tells the User Agent
>     > to re-open it in
>     > the index.html frameset, in the "main" frame.
>     >
>     > For example (totally invented XHTML) :
>     >
>     >         <link rev="frameset"    { or role="frameset" }
>     >          href="index.html?main=article.html"
>     > target="_parent"
>     >          xml:link="simple" actuate="auto" show="remplaced"
>     >
>     >         />
>     >
>     > What is important here is the possibility to specify the
>     > content of each
>     > frame in the URL of a frameset file. What do you think
>     > about the
>     > syntax above :
>     >
>     > http://www.foo
>     > com/frameset.html?frame_name=http%3A%2F%2Fwww.foo.com%2Fframe_content.html
>     >
>     >  * When the UA parses index.html, for example :
>     >
>     >         <frameset>
>     >          <frame name="left" href="left_frame.html" />
>     >          <frame name="main" href="main_frame.html" />
>     >         </frameset>
>     >
>     > it replaces the hyperreference of the main frame by the
>     > processing
>     > instruction included in the URL, here
>     > http://www.foo.com/article.html
>     >
>     > [Of course, it doesn't solve entirely the problem because
>     > the use of the
>     > 'actuate="auto"' attribute in the <link> element can be
>     > processed like a
>     > perpetual refresh of the page, though the 'auto' value
>     > still is ambiguous.
>     > It would be necessary to correct that too.
>     >
>     > Furthermore, it would be necessary to refer to the active
>     > page directly,
>     > without name it, for instance with a
>     >
>     >         href="index.html?main=" origin="this"
>     > or
>     >         href="index.html" frame="main" frame_href="this" ]
>     >
>     > Then, a solution for one of the Aditya's problems is to
>     > use an inline
>     > frame in index.html (<iframe> element) to display any
>     > other page.
>     >
>     > I think javascript can be used, but incompatibiliy between
>     >
>     > some browsers are very dissuading.
>     >
>     > The more workable solution I have found is to never use
>     > frames anymore...
>     > Furthermore, frame elements are deprecated according to
>     > some W3C working
>     > groups (but I don't agree with it).
>     >
>     > Since this list is designated to correct problems, have
>     > anyone any
>     > proposal about it ?
>     >
>     >                         Nicolas
>     >
>     > --
>     > Nicolas Lesbats - nlesbats@etu.utc.fr
>     > 85 r. Carnot 60200 Compiegne - France
>     >  06 86 800 908
>     >
>     > Plaider <http://wwwassos.utc.fr/~plaider/>
>     >
>     > 3:-)
>
>      --
>      Simran Gambhir
>      NBD, Fairfax
>      201 Sussex St. Darling Harbour, NSW, 2000.
>      Tel: +61 2 9282-2777  Fax: +61 2 9282-2256
>
>
>
--
Simran Gambhir
NBD, Fairfax
201 Sussex St. Darling Harbour, NSW, 2000.
Tel: +61 2 9282-2777  Fax: +61 2 9282-2256
Received on Wednesday, 30 June 1999 20:30:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:39 GMT