Secure Mode Delimna

I’ve kept having conversations with people and the dis-belief that .NET, .asp, VBScript, JAVA and other scripts and languages have been banned under the 2 year old “Secure Mode Mandate”, which banned these technologies because they do not meet the “All code must be inspectable/viewable by the user” requirement of the mandate.  I know there are efforts in some parts of the community to remedy this, but no solutions out there yet.

Some of you have a problem with the idea that PHP passed, but the arguments that saved it were two part:

  • Only has Server side processing,
  • Only yields inspectable/viewable HTML code

Thinking on this I thought up a legal way for those not in compliance to make their sites legally compliant, even if not technically compliant.

Disclaimer:
What is needed is the following disclaimer, I suggest a separate linked page with done is similar fashion of the way “Privacy Policy” and other “Policy” pages are linked.

Example:

The site compliant with the “Secure Mode Mandate”.
See details at: <a href=’mysec_compliance_page.php’>Security Compliance Policy.</a>

“Security Compliance Policy:”

Your Security Compliance Policy page should say:

******************************************************************

This site is compliant with the “Secure Mode Mandate” as it uses OpenSource and thus viewable .NET and/or JAVA framework(s) {or whatever applies here} of:

  • My .Net framework Name ==> with code viewable at
    <a href=’.netfw_url’>My .Net framework Name</a>,

  • My JAVA framework Name ==> with code viewable at
    <a href=’javafw_url’>My JAVA framework Name</a>,

All additional customized, extended and proprietary code is certified free of viruses, pop-ups, third-party code, keytrackers and other phishing technologies, gathering no personal data, other than data needed specifically for the transactions at hand.

Site WebMaster

******************************************************************

The links given must be the place where your framework code can be seen and/or downloaded.  This means you can not use proprietary framework code (they will not publish nor allow you to publish their code), but only OpenSource framework code.  It also means you must follow the part below the links, eliminating anything not in compliance.  Sorry Google and “Click Through” fans this means you have to toss AdSense and their Analytics as both violate the mandate.  Remember all keytrackers, third-party calls, links and click-throughs are non-compliant, except for direct navigational links to another site.

Additionally you have to add the verbiage and link to this new page, into your “Privacy Policy”.

Notes:

  1. Third party testing and certification of your compliance is best.  Contact me here if you need a resource for this.
  2. You have to avoid the temptation to just add this to your “Privacy Policy”, as this is addressing a specific and separate issue on Web Security.

Site Testing:

If you are not familiar with the “Secure Mode Mandate” and want to test your site for compliance, you must install the following on your computer, which you are testing from:

  • FireFox Browser,
      FF addon plugins of:

    • Ad Block Plus,
    • No Script,
    • Ghostery,

Additionally change the follow FF options:

    Windows: “Tools”+”Options”+”Privacy”
    Linux: “Edit”+”Preferences”+”Privacy”

Make sure the “Accept third-party cookies” option is not selected and the “Accept cookies from sites” is selected.

You will be amazed at how many viruses and keytracker are on your system, once these are installed.

When you link to your site, these plugins will immediately notify you of any violations coming from your site. You then know what to do to fix them and what to ignore, if coming from your framework that you know is approved.

Hope this helps all you out there with huge investments in “non-compliant” technologies, not wanting to bear the cost of conversion.

Cheers!

TBotNik

Advertisements

About TBotNik

Crazy technologist, with World fame in SEO!
This entry was posted in Commercial, Technical. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s