Security issue on Intranet

Soldato
Joined
18 Dec 2004
Posts
9,896
Location
NE England
Hey all,

I've got quite of a bit of Javascript in our intranet pages which are essential. This works fine on our server no problem, end of. However, when copying the Intranet to our local drives or external storage, the drop down menus would not open the documents. It turned out this was due to the very first line of the code (the validation?). In the one that didn't work, it was:
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
In the one that did work, it was:
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

Well I'm glad I've got that sorted! However, whenever I jump from page to page, I now get a security warning at the top of the page, which disables all the javascript in the page until it's allowed. Due to the fact that not even the most insightful guidance note would help all the users here, I was wondering if someone could shed some light on how to get around this.

I've made a work around by setting my machine up as a trusted site - however, that'd involve every machine to which the Intranet is copied to to also be set up in the same way. This way also won't work for machines out of our network, as this may be against their policy.

Any ideas?

Much appreciated,

-RaZ
 
I am assuming thats because ** getting a url some thing like this...

file://m:/webroot/this/that/the/other.html

if so run a web server on that machine, then you when the browser goes to look at the site it wont think the javascript is local and will allow it, this is for security to prevent nasties...

i.e. the url would now be...

http://servername/this/that/the/other.html

I would advise Apache 2 for simlicity but you could run IIS if you have a windows server or windows xp pro system.
 
The problem with that is that we may need to use/demonstrate the Intranet at a different company - and we may have problems with their policies etc setting that up. Also, the people who would be demonstrating aren't as IT literate as ourselves, so would have a hard time understanding it. If it's just not possible to do, then they'll have to make do with what they have at the end of the day :D

-RaZ
 
MoNkeE said:
The problem with that is that we may need to use/demonstrate the Intranet at a different company - and we may have problems with their policies etc setting that up. Also, the people who would be demonstrating aren't as IT literate as ourselves, so would have a hard time understanding it. If it's just not possible to do, then they'll have to make do with what they have at the end of the day :D

-RaZ

Another alternitive is to demonstraite the use via an online webserver which has a .htaccess password on it.
 
Unfortunately (as is always the case), we may be needing to demonstrate on a site with no Internet Access, or the user may be using a laptop for work reasons and not have access to the Internet and need documents from our Intranet.

We do already have a secured section of our Intranet available to off-site workers which generally works A-ok, so atleast that's one less thing to worry about :)

Ta,

-RaZ
 
looks like ** stick in a hole then but I would suggest if ** using a laptop that u install the server on their. either way not much more I can suggest the messages are their for security so theres no way you could disable the security without a message any way so therefor missing the point of this.
 
Back
Top Bottom