|
SafeClick module provides Drupal with various techniques and methods of protection from Clickjacking attacks.From Wikipedia: "Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function."More information on Clickjacking can be found on Wikipedia and on original paper.Features 1. Opportunity of setting X-Frame-Options HTTP header. You may set it up to SAMEORIGIN to allow framing of website within its domain or to DENY to prevent framing at all. Or you may disable it. This header is currently supported by Mozilla Firefox + NoScript extension, Apple Safari, Google Chrome and Microsoft Internet Explorer 8, so it's the safest way for your website. 2. javascript + CSS + framebusting. It's the hardest defense for your website, however it can break down some of your modules which use iframes. The disadvantage of usual framebusters is that they can be disabled particularly using IE8 or Safari XSS filter This framebuster, pointed to me by sirdarckcat, excludes such kind of attack. If user disables framebuster script selectively - he sees blank screen. If user has generally disabled javascript - he sees message like "Sorry, you need to enable javascript to visit this website." However, tag is made as a separate option, because such option may be useful without framebuster itself. 3. Opportunity of decreasing the risk of Clickjacking on your site via overridden styles of , , and tags. This option should only be enabled if you allow your users to post content with stated tags. Special CSS overrides opacity level and z-index for them, preventing transparent frames and hidden via z-index frames. Also, z-index is useful for prevention of "last loaded - first focused" behavior (when last loaded frame is being focused regardless its z-index). The reverse is that in theory it may break website layout.
| Requirements: |
No special requirements
|
| Platforms: |
PHP |
| Keyword: |
Break, Clicking, Clickjacking, Disabled, Framebuster, Frames, Framing, Header, Information, Opportunity, Option, Safari, Script, Users, Vascript, Website, Zindex |
| Users rating: |
0/10 |
|
Windows Software
Albina Merfyn - I find this to be really easy to use. I can...
