[ic] Allowing a particular domain access to content
Peter
peter at pajamian.dhs.org
Mon May 24 20:04:24 UTC 2010
On 25/05/10 03:15, Rene wrote:
> On 24.05.2010 17:05, Paul Jordan wrote:
>
>> Site1 is displaying content through an iframe. I checked and the only
>> IP's that are in [env] are the visitor, and Site2, Site1 is only
>> mentioned in the referrer. Since the iframe is really called from the
>> visitors browser I guess there is really not much I can do.
>>
>> Is there anything I can suggest to these people that would make it more
>> plausible to achieve this type of security?
>
> Hi Paul!
>
> What you need is a framekiller. There is plenty of different ideas out
> there, but here i found a nice place you can start from:
>
> http://en.wikipedia.org/wiki/Framekiller
>
> Of course this requires that the user has JS enabled, but the chance the
> would not is quite small..
Nope, he wants the reverse ... to reliably make sure that the page is
displayed inside a frame from a specific URL.
Peter
More information about the interchange-users
mailing list