Educause Security Discussion mailing list archives
Re: Web Browsing Security
From: Omen Wild <omen () UCDAVIS EDU>
Date: Thu, 26 Sep 2013 15:18:08 -0700
Quoting Tim Doty <tdoty () MST EDU> on Thu, Sep 26 17:04:
You can temporarily allow othersite.net when you use company.com, but during that time any site that wants to run a script hosted on othersite.net will be able to do so, and you have to remember to flush the temporary grants when you're done. What I would like is to be able to specify a rule such that "allow othersite.net when referenced from company.com", any other references would be denied.
In addition to NoScript and Adblock Plus and Ghostery, I also use RequestPolicy, which allows "control over cross-site requests". Between NoScript and RequestPolicy it can occasionally be a pain to figure out just what is required to render a site, so I'll occasionally just pull a site up in a Chrome Incognito window. I also use Cookies Manager+ to tune who is allowed to save long term cookies (hint, my default is to force all cookies to session cookies and only allow saving of cookies I need for long term logins). To all of this I add Self-Destructing Cookies so even the session cookies get blown away shortly after I close their browser tab. Paranoid? Maybe. Overly? I don't think so. -- Omen Wild Security Administrator (530) 752-1700
Attachment:
smime.p7s
Description:
Current thread:
- Web Browsing Security Bohlk, Christopher J. (Sep 26)
- Re: Web Browsing Security David Gillett (Sep 26)
- Re: Web Browsing Security Tim Doty (Sep 26)
- Re: Web Browsing Security Jeff Kell (Sep 26)
- Re: Web Browsing Security Tim Doty (Sep 26)
- Re: Web Browsing Security Omen Wild (Sep 26)
- Re: Web Browsing Security Jeff Kell (Sep 26)
- Re: Web Browsing Security Isabelle Graham (Sep 27)
- Re: Web Browsing Security Jeff Kell (Sep 26)