Market Ruler HelpDifference between revisions of "Clickable Links"
m (Lori moved page Mobile Password Safe - Clickable Links to Clickable Links) |
|||
| Line 1: | Line 1: | ||
| − | + | === Security Implications === | |
| − | |||
| − | |||
Despite the fact that all of your passwords are encrypted on your | Despite the fact that all of your passwords are encrypted on your | ||
| Line 20: | Line 18: | ||
'''We could turn off our server logs''' , but it makes it difficult to run our service at all because it '''does''' hold important diagnostic information. | '''We could turn off our server logs''' , but it makes it difficult to run our service at all because it '''does''' hold important diagnostic information. | ||
| − | + | === Spam === | |
Once we have a "redirector" page, it means that spammers can use it to hide in their spam emails to avoid spam filters. Instead of sending you to: | Once we have a "redirector" page, it means that spammers can use it to hide in their spam emails to avoid spam filters. Instead of sending you to: | ||
| Line 30: | Line 28: | ||
Since we don't want our domain name to be blacklisted by anti-spam companies, and we don't want to do anything to help spammers (in the ''least'') then it becomes difficult to allow just our users to use the outbound links. | Since we don't want our domain name to be blacklisted by anti-spam companies, and we don't want to do anything to help spammers (in the ''least'') then it becomes difficult to allow just our users to use the outbound links. | ||
| − | + | === Our solution === | |
Our solution uses [http://wiki.marketruler.com/JavaScript JavaScript] so the URL you visit is hidden from our servers (it only exists in your browser), and a redirect page which hides your home page URL from other sites. | Our solution uses [http://wiki.marketruler.com/JavaScript JavaScript] so the URL you visit is hidden from our servers (it only exists in your browser), and a redirect page which hides your home page URL from other sites. | ||
| − | + | === How to test it === | |
We offer an easy way to test the referrer security: | We offer an easy way to test the referrer security: | ||
Latest revision as of 18:14, 24 April 2020
Security Implications
Despite the fact that all of your passwords are encrypted on your
mobile password safe home page, we still don't want to make it easy for
others to get the URL. Whenever you link from one web site to another,
a Referrer is passed to the next web site.
This means that the sites we link to would know your Mobile Password Safe URL, and we don't want that.
There is a way to do this which we've implemented on the home
page to link to the "Hunch" site.
(It uses a "redirector" which takes you to another generic page, which then redirects to the Hunch site. Hunch only sees the generic page, not your password home page.)
Secondarily, we don't also want to know which sites you're visiting.
If you go through a redirector tool on our site, then our web server would see it and log it.
We could turn off our server logs , but it makes it difficult to run our service at all because it does hold important diagnostic information.
Spam
Once we have a "redirector" page, it means that spammers can use it to hide in their spam emails to avoid spam filters. Instead of sending you to:
- http://www.viagra-buy-drugs-online.com/
They send you to (for example):
- http://pw.ex.to/out/?u=http://www.viagra-buy-drugs-online.com/
Spam filters look at the pw.ex.to part, not the u= part, so we would be blacklisted.
Since we don't want our domain name to be blacklisted by anti-spam companies, and we don't want to do anything to help spammers (in the least) then it becomes difficult to allow just our users to use the outbound links.
Our solution
Our solution uses JavaScript so the URL you visit is hidden from our servers (it only exists in your browser), and a redirect page which hides your home page URL from other sites.
How to test it
We offer an easy way to test the referrer security:
- Add https://pw.ex.to/show-referrer to one of your password entries
- Click on the link in the password entry
- View the referrer that the web server "sees"