FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 06-16-2011, 06:25 PM
Camaleón
 
Default Re (5): Configuring Iceweasel security policies.

On Thu, 16 Jun 2011 10:45:01 -0800, peasthope wrote:

> From: Scott Ferguson <prettyfly.productions@gmail.com> Date: Thu, 16
Jun
> 2011 19:52:12 +1000

(...)

>> You *did* change the restrictions in Iceweasel (about:config) didn't
>> you?
>
> That's where I started about 5 days ago. In about:config,
> security.checkloaduri appears to be changeable but the change doesn't
> stick and has no effect. According to the mailing lists, that appears to
> be intentional. So then I tried editing
> /etc/iceweasel/pref/iceweasel.js as "docuemented" in Mozilla Security
> Policy. Even when the configuration is set, about:config
> security.checkloaduri is true. Either my configuration is wrong or
> Iceweasel doesn't implement this as Mozillazine describes. This is the
> pertinent content of iceweasel.js. // Allow my file URI to be opened.
> user_pref("capability.policy.policynames", "localfilelinks");
> user_pref("capability.policy.localfilelinks.checkl oaduri.enabled",
> "allAccess"); user_pref("capability.policy.localfilelinks.sites" ,
> "http://members.shaw.ca/" "file://142.103.107.137/" );

Err... Peter, have you considered using the suggested¹ extension?

https://addons.mozilla.org/firefox/addon/281

I have tested and it works with the sample links of your site (at least
within Firefox 5.0 beta). Well, it says "file not found", of course, but
it opens the link, the error is because the file cannot be found in my
system.

It is very easy to use: once installed, you have to right-click on the
desired link ("file:///home/user/file") to open the context menu and then
open the uri in a new tab or new window. And the URI will open.

Then, consider opening a bug at Firefox bugzilla for the things that you
have already tried and did not work "as expected" :-)

¹http://kb.mozillazine.org/Links_to_local_pages_don%27t_work#Disabling_the_Se curity_Check

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2011.06.16.18.25.45@gmail.com">http://lists.debian.org/pan.2011.06.16.18.25.45@gmail.com
 
Old 06-16-2011, 06:45 PM
 
Default Re (5): Configuring Iceweasel security policies.

From: Scott Ferguson <prettyfly.productions@gmail.com>
Date: Thu, 16 Jun 2011 19:52:12 +1000
> ... lynx doesn't support xhtml by default ... w3m only support xhtml 1.0
>
> Try not using an xhtml file - I suspect you are complicating your tests.

Oops; thanks. The result is the same for C*.html. When lynx and
w3m are given the IP address, they decline to open the file. But
these file links are edge cases; odd behaviour is no surprise.

> I'm not understanding why you are using the ip address - even localhost
> is redundant... with file:/// links localhost is the default root....

Only wondered what the browsers would do when the target is specified
explicitly. Just my inane curiosity.

> Hmm - do you mean that you are using a local copy ... ?

Definitely. If the target is on the Web server, there is no problem
and no reason to test. The problematic case is for the file URI.

> You *did* change the restrictions in Iceweasel (about:config) didn't you?

That's where I started about 5 days ago. In about:config, security.checkloaduri
appears to be changeable but the change doesn't stick and has no effect.
According to the mailing lists, that appears to be intentional. So then
I tried editing /etc/iceweasel/pref/iceweasel.js as "docuemented" in
Mozilla Security Policy. Even when the configuration is set,
about:config security.checkloaduri is true. Either my configuration
is wrong or Iceweasel doesn't implement this as Mozillazine describes.
This is the pertinent content of iceweasel.js.
// Allow my file URI to be opened.
user_pref("capability.policy.policynames", "localfilelinks");
user_pref("capability.policy.localfilelinks.checkl oaduri.enabled", "allAccess");
user_pref("capability.policy.localfilelinks.sites" , "http://members.shaw.ca/" "file://142.103.107.137/" );

In chromium-browser, about:config doesn't work. There are files in /etc/chromium-browser
but I haven't had time to chase down the configuration perinent to file URI. Similarly for
the other optional browsers.

> I generally test changes on a server in a virtualbox machine before
> pushing them to the development server (belt and suspenders).

OK, I understand that for testing. Where do you edit the pages?
Which editor?

> For a static site such as yours I suggest you just tar.bzip ...

That would be another procedure in my system of work. Make it
as simple as possible but not simpler.

> A later dated archive always replaces an earlier dated archive. And a
> changes text file can be used to keep track of versions.

I have daily, weekly and monthly backups. Even when the
filesystem on the CF card failed, all data including current
bookkeeping, was recovered in about an hour. Versioning is not
needed for my trivial Web sites.

>> FTP is fast!
>
> Even faster when it's only moving a tar.bz2!

I understand but in many cases I just update one file after an
edit. Updating the dozen or so files comprising a Web site is
still only three mouse clicks in about 5 seconds.

> You may have found a difference between Firefox and Iceweasel....

I must install FF to resolve it.

> I meant the viewer is fooled into thinking the world can see their files
> - at the time there was stories that said it did.

OK, I missed that.

> ... both Category2.html and Category3.html reside in the same location.

Works for me too. No issue. Put your Category2.html on a Web
server and your Category3.html on your workstation. Open Category2.html
in a browser on your workstation. Click on the file link targetting
Category3.html, which is on your workstation. I'll bet Category3.html
will not open. If you can find a configuration setting to allow that
to work, good!

Regards, ... Peter E.



--
Telephone 1 360 450 2132. bcc: peasthope at shaw.ca
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 171057040.43841.30760@cantor.invalid">http://lists.debian.org/171057040.43841.30760@cantor.invalid
 
Old 06-17-2011, 07:37 AM
Scott Ferguson
 
Default Re (5): Configuring Iceweasel security policies.

On 17/06/11 04:45, peasthope@shaw.ca wrote:
> From: Scott Ferguson <prettyfly.productions@gmail.com>
> Date: Thu, 16 Jun 2011 19:52:12 +1000

<snipped to save electrons>

>
> In chromium-browser, about:config doesn't work.

Does it need to?

On my computer with Chrome open
Ctrl+O to open the file open dialog
choose /home/scott/Category2.html (has various links types in it)
file opens no problems
link to /home/scott/Category3.html opens no problems
additionally, and just to return the confusion ;-p
opens fish://machine_on_same_subnet
opens sftp://machine_on_same_subnet

On your webserver Chrome will open two http links on the second line of
Links, none of the links on the third line of links (expected behaviour)
However, if you still desire that functionality(?) try :-
https://chrome.google.com/webstore/detail/jllpkdkcdjndhggodimiphkghogcpida

OR simply copy and paste the local link
eg. file://home/scott/Category2.html (note the double slash, not triple)

>> I generally test changes on a server in a virtualbox machine before
>> pushing them to the development server (belt and suspenders).
>
> OK, I understand that for testing. Where do you edit the pages?

in situ (on the development machine, separate users and virtual hosts
for each site)

> Which editor?

For static html pages and css - nano, vi, emac, kwrite, kate, any and
all are good.
I generally use a CMS so there are no actual pages.
I don't use an IDE to manage sites though I use one to develop and test
elements of a site eg, php, javascript, css and complex pages.
I can recommend Komposer, until recently I used Quanta - but it's broken
in Squeeze, I've heard good things of Bluefish, and I'm currently
testing various solutions for HTML5.
Kimagemap is excellent, but slightly broken, for imagemapping.
Klinkchecker is invaluable (used to analyse the links on your site).
wget and curl are also invaluable.

>
>> For a static site such as yours I suggest you just tar.bzip ...
>
> That would be another procedure in my system of work. Make it
> as simple as possible but not simpler.
>
>> A later dated archive always replaces an earlier dated archive. And a
>> changes text file can be used to keep track of versions.
>
> I have daily, weekly and monthly backups. Even when the
> filesystem on the CF card failed, all data including current
> bookkeeping, was recovered in about an hour. Versioning is not
> needed for my trivial Web sites.
>
>>> FTP is fast!
>>
>> Even faster when it's only moving a tar.bz2!
>
> I understand but in many cases I just update one file after an
> edit. Updating the dozen or so files comprising a Web site is
> still only three mouse clicks in about 5 seconds.

I lack you, um, confident optimism. That approache leaves too many
states between the old and the new. I prefer:-
old site
old site plus new_site_archived.tar.bz2
site down to all visitors except my ip
delete old site
extract new site
site up

<snipped>

> Regards, ... Peter E.
>
>
>

Consider that - if something works you'll use it, the longer it's
useful, the more you'll forget.... so overwriting leads to problems.

eg.
if you install knoppix
fail to update knoppix
install debian
update debian
no matter which release you're running it's Debian Cruft! ;-p
don't let your site become Easthope cruft ;-p


Cheers


--
I don't mean to sound bitter, cold, or cruel, but I am, so that's how it
comes out.
~ Bill Hicks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DFB0430.6060602@gmail.com">http://lists.debian.org/4DFB0430.6060602@gmail.com
 

Thread Tools




All times are GMT. The time now is 02:00 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org