Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Languages / JScript / April 2006

Tip: Looking for answers? Try searching our database.

Detect window type

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Bishoy George - 13 Apr 2006 12:25 GMT
Hi,
Is there a way in client side script so that a page can detect whether it is
opened in a pop up window, a normal window or a tab window?
Signature


Bishoy George
bishoy@bishoy.com
0102550399

Reply to this Message
Peter Torr (MS) - 13 Apr 2006 23:06 GMT
> Hi,
> Is there a way in client side script so that a page can detect whether it
> is opened in a pop up window, a normal window or a tab window?

Hey,

Usual response to questions like this is "Why do you want to do that?" :-)

Not to be snarky, but because often the intent is something completely
different (or something impossible...)

Peter

Signature

Peter Torr - http://blogs.msdn.com/ptorr
HD DVD Program Manager

Reply to this Message
Bishoy George - 14 Apr 2006 15:12 GMT
Hi Peter,

I want my page to detect that it is opened in a popup window or not, because
I want this page not to be saved.
I made all measures to prevent saving this secured page.
One thing is still hindering me: In IE7 when you click on the link to this
page while pressing CTRL button it opens in a tab window not in a pop up
window.

Is there any way then?
--------------------

>> Hi,
>> Is there a way in client side script so that a page can detect whether it
[quoted text clipped - 8 lines]
>
> Peter
Reply to this Message
Peter Torr (MS) - 15 Apr 2006 04:41 GMT
> Hi Peter,
>
[quoted text clipped - 4 lines]
> page while pressing CTRL button it opens in a tab window not in a pop up
> window.

Hi,

There is no fool-proof way to prevent a page from being saved. What's the
scenario for not allowing it to be saved? You can definitely make it harder
for people (at least naive users) to save what's on the screen through
File-Save.

But if you have some legal requirement or the like, you are out of luck.

Also this isn't really a .NET question; adding some IE groups

Peter

Signature

Peter Torr - http://blogs.msdn.com/ptorr
HD DVD Program Manager

Reply to this Message
Bishoy George - 15 Apr 2006 13:17 GMT
Dear Peter,
I did it except from the CTRL button problem.
The Scenario:
1- I prevented any browser from displaying the page except IE6 , IE7.
2- I disabled right-click and selection.
3- I disabled print-screen.
4- I prevented the browser from caching the page.
5- the name of the page is encrypted by a key and IV that is changed once
the page is loaded so they are one use only.
6- The page comes with Server.Execute() not with Response.Redirect() so the
previous page name is displayed instead of the real encrypted page name.
7- The page is opened in a pop up window to remove the menu bar to disable
File-Save As
The only drawback is in IE7 if the user hold the CTRL button while clicking
the link to this page, it will opens in a tab window instead of opening in a
pop up window.

Help me regarding detecting window type if you can please.

Thank You.
Signature


Bishoy George
bishoy@bishoy.com
20102550399

-------------------------

>> Hi Peter,
>>
[quoted text clipped - 17 lines]
>
> Peter
Reply to this Message
Randy Webb - 15 Apr 2006 19:31 GMT
Bishoy George said the following on 4/15/2006 8:17 AM in
microsoft.public.scripting.jscript:
> Dear Peter,

This is Usenet, not email.

> I did it except from the CTRL button problem.

"How do I protect my Javascript Code"
<URL: http://jibbering.com/faq/#FAQ4_1 >

The same principle applies to protecting your HTML code.

> The Scenario:
> 1- I prevented any browser from displaying the page except IE6 , IE7.

And how do you think you managed that?

> 2- I disabled right-click and selection.

Open page.
Minimize Browser
Open Second Browser window.
Disable Scripting.
Bring up browser window with webpage.
Right Click> View Source

Before anyone brings up "Fullscreen", even if you manage that, I have
dual monitors and can do anything I want on the second monitor
independent of the main monitor - you can't stop me.

> 3- I disabled print-screen.

Open page.
Resize so that you have some desktop visible.
Point the mouse at the desktop.
Print Screen.

> 4- I prevented the browser from caching the page.

The page will still be in the cache as long as it is open.

Open Page
Minimize browser
Open Cache

> 5- the name of the page is encrypted by a key and IV that is changed once
> the page is loaded so they are one use only.

Irrelevant to stopping the page from being saved.

> 6- The page comes with Server.Execute() not with Response.Redirect() so the
> previous page name is displayed instead of the real encrypted page name.

I don't need the "real encrypted page name", if I want the page itself,
it's filename is irrelevant.

> 7- The page is opened in a pop up window to remove the menu bar to disable
> File-Save As

Control-N

If you manage to trap that, see above to disable scripting. Then
Control-N and you have your toolbars back.

> The only drawback is in IE7 if the user hold the CTRL button while clicking
> the link to this page, it will opens in a tab window instead of opening in a
> pop up window.

The major drawback is that you are trying to force the way the browsers
work when you can't.

> Help me regarding detecting window type if you can please.

You can't.

If you don't want it saved, don't put it on the web.

Signature

Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

Reply to this Message
Bishoy George - 16 Apr 2006 13:38 GMT
Dear Randy,

You are a little bit furious even on the Dear word, keep calm my dear.
Most of your answers take each point aside not as a whole.

1- Preventing specific browser is easy by the .net
Page.Request.Browser.Type

2-, 3- your answers didn't work with my page OR may be I did't know how to
make it OR may be IE requires you to close all its windows and reopen them
again.

4- You are right.

5- You are wrong. Because it prevented the page from reopen by CTRL-N

6- It is only a masking way

7- return to 5-.

Go to http://testarea.nagyresearch.com and make an account for you and I
will show you my secured claimed to be unsavable(except with IE7) page.

Signature

Bishoy George
bishoy@bishoy.com
20102550399

---------------------------

> Bishoy George said the following on 4/15/2006 8:17 AM in
> microsoft.public.scripting.jscript:
[quoted text clipped - 74 lines]
>
> If you don't want it saved, don't put it on the web.
Reply to this Message
Lee - 17 Apr 2006 01:26 GMT
Bishoy George said:

>Dear Randy,
>
[quoted text clipped - 3 lines]
>1- Preventing specific browser is easy by the .net
>Page.Request.Browser.Type

How can you possibly know what browser type I'm using?
I can send whatever data I like to your server to mislead it.
Isn't that enough right there to break your system?

Signature

                       

Reply to this Message
Randy Webb - 17 Apr 2006 02:13 GMT
Bishoy George said the following on 4/16/2006 at 8:38 AM in
news:microsoft.public.scripting.jscript or somewhere close to there:

> Dear Randy,
>
> You are a little bit furious even on the Dear word, keep calm my dear.

Me, furious about Usenet? Surely you jest. There is nothing in Usenet
worth getting furious about.

> Most of your answers take each point aside not as a whole.
>
> 1- Preventing specific browser is easy by the .net
> Page.Request.Browser.Type

Is that why you page says this:

Your browser is IE6!

Be very very careful before you answer that.

> 2-, 3- your answers didn't work with my page OR may be I did't know how to
> make it OR may be IE requires you to close all its windows and reopen them
> again.

Perhaps if you quoted what you are replying to it would be easier to
know what 2 and 3 were. Even OE has the ability to quote what you are
replying to.

Ahh, here they are:

<quote>
> 2- I disabled right-click and selection.

Open page.
Minimize Browser
Open Second Browser window.
Disable Scripting.
Bring up browser window with webpage.
Right Click> View Source

> 3- I disabled print-screen.

<quote>

If 2 doesn't work for you, then something is set different in your IE6
from mine. I know that 3 works on *any* browser because the print-screen
is a Windows function and not the browser itself. Move your browser
window over so you can see an icon on your desktop. Then, click an icon
on your desktop and hit print-screen. Or, use any popular screen
printing utility - they are a dime a dozen on the web.

> 4- You are right.

Being right on #4 alone means you haven't stopped the page from being
saved, only made it minimally more difficult is all.

> 5- You are wrong. Because it prevented the page from reopen by CTRL-N

OK, irrelevant to me because you can't open a window on my PC without
tool bars so I very seldom ever have to do a control-N

> 6- It is only a masking way

Fair enough.

> 7- return to 5-.

See 5 above.

> Go to http://testarea.nagyresearch.com and make an account for you and I
> will show you my secured claimed to be unsavable(except with IE7) page.

I applied, it let me have a username but I don't think I will get the
email at humptydumpty@google.com so I won't be able to log in.

But, to be totally fair, I don't think a lot of your visitors will be
savvy enough to get around what little bit of security you have
considering most of them would be medical researchers and not scripters.

Be aware though that a proxy server that is decent will stop you from
removing my toolbars......

Signature

Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

Reply to this Message
Bishoy George - 17 Apr 2006 09:13 GMT
Hi Randy,
I activated the account you made.
As you said, I quoted your answers. My answers will start with >>>.

> Bishoy George said the following on 4/16/2006 at 8:38 AM in
> news:microsoft.public.scripting.jscript or somewhere close to there:
[quoted text clipped - 16 lines]
>
> Be very very careful before you answer that.

>>> I know that there may be misleading to the server. They say that FireFox
>>> may appear to the server as IE6 or IE7.
>>> But yes, I use Page.Request.Browser.Type for knowing your browser type.
-----------------------------------------------------

>> 2-, 3- your answers didn't work with my page OR may be I did't know how
>> to make it OR may be IE requires you to close all its windows and reopen
[quoted text clipped - 26 lines]
> desktop and hit print-screen. Or, use any popular screen printing
> utility - they are a dime a dozen on the web.

>>> I'd like to ask you how to disable scripting???
---------------------------------------------------

>> 4- You are right.
>
[quoted text clipped - 26 lines]
> Be aware though that a proxy server that is decent will stop you from
> removing my toolbars......
Reply to this Message
Randy Webb - 17 Apr 2006 14:32 GMT
Bishoy George said the following on 4/17/2006 4:13 AM:
> Hi Randy,
> I activated the account you made.
[quoted text clipped - 22 lines]
>>>> may appear to the server as IE6 or IE7.
>>>> But yes, I use Page.Request.Browser.Type for knowing your browser type.

It wasn't Firefox but if you want, I can give you the exact UA string it
is using.

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322; .NET CLR 2.0.50727)

It is an exact copy of a UA string from IE6 but unless you get into some
really really serious object detection you won't be able to tell the
difference - especially not from the UA string. I can just as easily
make it say "My F**king browser"(I did that for a while just for kicks
but my toolbar in IE does say "Randys Browser"). Editing the Registry is
fun sometimes :)

But as I said before, what you are doing is probably safe enough for
your visitors.

<snip>

>>>> I'd like to ask you how to disable scripting???

I have a simple add on button I click that enables/disables scripting
but in IE6 it is Tools>Internet Options>Security Tab>Advanced and scroll
to the bottom. There are 3 or 4 of them to enable/disable.

<snip>

>> But, to be totally fair, I don't think a lot of your visitors will be
>> savvy enough to get around what little bit of security you have
>> considering most of them would be medical researchers and not scripters.

I said the above and am leaving that part of what I said intact because
the methods you use probably are secure enough for medical researchers.

Signature

Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

Reply to this Message
Bishoy George - 17 Apr 2006 15:39 GMT
Still you didn't answer my original question...
How to detect window type (-normal -tab -popup) with the page code.
Signature


Bishoy George
bishoy@bishoy.com
20102550399

----------------------------------

> Bishoy George said the following on 4/17/2006 4:13 AM:
>> Hi Randy,
[quoted text clipped - 57 lines]
> I said the above and am leaving that part of what I said intact because
> the methods you use probably are secure enough for medical researchers.
Reply to this Message
Randy Webb - 17 Apr 2006 22:23 GMT
Bishoy George said the following on 4/17/2006 10:39 AM:
> Still you didn't answer my original question...
> How to detect window type (-normal -tab -popup) with the page code.

Nobody has answered you because you can't determine - with script -
whether it's in a new window or a popup.

Signature

Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

Reply to this Message
Dave Anderson - 15 Apr 2006 21:07 GMT
> 1- I prevented any browser from displaying the page except IE6 , IE7.

No, you didn't. It is a trivial matter to fool the server into thinking I
have IE. Any of a dozen Firefox extensions will allow me to customize my UA
string. Or I could use Netscape 8 and switch between IE and Gecko engines.
Or for that matter, I could open your page in notepad and just get the
source directly.

> 2- I disabled right-click and selection.
> 3- I disabled print-screen.

Again, these are trivial to defeat.

> 4- I prevented the browser from caching the page.

You cannot PREVENT a browser from caching. You can suggest a cache-control
behavior that most browsers will follow. But they are not required to do so.

> 5- the name of the page is encrypted by a key and IV that
> is changed once the page is loaded so they are one use only.

If all of the aboved worked, this might actually help.

> 6- The page comes with Server.Execute() not with
> Response.Redirect() so the previous page name is displayed
> instead of the real encrypted page name.

This doesn't really matter. Once again, if everything above worked, #5
negates the need for this entirely.

> 7- The page is opened in a pop up window to remove the menu
> bar to disable File-Save As

See my response to 1-3.

> The only drawback is in IE7 if the user hold the CTRL
> button while clicking the link to this page, it will
> opens in a tab window instead of opening in a pop up
> window.

Consider that the opposite of a drawback. IE7 is helping you to see that (a)
security belongs on the server, not on the client, and (b) the information
you send to the client BELONGS TO the client. IE7 is opening your eyes to
your design flaw before you waste any more time on it. What you have
described so far sounds like THE OPPOSITE OF SECURITY to me -- something
that gives comfort to the author while still being wide open to a dedicated
attacker (even an armchair one).

Signature

Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

Reply to this Message
Peter Torr (MS) - 18 Apr 2006 08:13 GMT
> Help me regarding detecting window type if you can please.

Bishoy,

In order to answer your question, we need to understand what it is you are
*really* trying to do. Someone who buys a drill is not really buying a
drill; they are buying holes. See? :-)

As you can see from the other replies, explaining what you have done so far
doesn't help. We need to know why you want to stop people saving info (is it
top secret military data?) and who the users are (NSA super-spies?).

Seems you are trying to stop some kind of medical professionals. Assuming
they are not well-versed in web hacking, and assuming they are
non-malicious, an easy way would be to have all the content hidden and
simply ping the server on document.onload to see if the page view is
allowed. If not, keep the content hidden. If so, set the content to
display=auto. There are lots of other things you could do using AJAX
(<shudder>) but they are more complicated.

Peter

Signature

Peter Torr - http://blogs.msdn.com/ptorr
HD DVD Program Manager

Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.