Firefox Hacks [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Firefox Hacks [Electronic resources] - نسخه متنی

Nigel McFarlane

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Firefox Hacks

Table of Contents

Copyright

Credits

About the Author

Contributors

Acknowledgments

Preface

Why Firefox Hacks?

How to Use This Book

How This Book Is Organized

Conventions Used in This Book

Using Code Examples

Safari® Enabled

How to Contact Us

Got a Hack?

Chapter 1. Firefox Basics

Section 1.1. Hacks 1-10

Section 1.2. Get Oriented

Hack 1. Ten Ways to Display a Web Page

Hack 2. Ten Ways to Navigate to a Web Page

Hack 3. Find Stuff

Hack 4. Identify and Use Toolbar Icons

Hack 5. Use Keyboard Shortcuts

Hack 6. Make Firefox Look Different

Hack 7. Stop Once-Only Dialogs Safely

Hack 8. Flush and Clear Absolutely Everything

Hack 9. Make Firefox Go Fast

Hack 10. Start Up from the Command Line

Chapter 2. Security

Section 2.1. Hacks 11-21

Hack 11. Drop Miscellaneous Security Blocks

Hack 12. Raise Security to Protect Dummies

Hack 13. Stop All Secret Network Activity

Hack 14. Work with Single Sign-On Servers

Hack 15. Work with Web Proxies

Hack 16. Fine-Tune Ports and Sockets

Hack 17. Manage Digital Certificates

Hack 18. Digitally Sign Content

Hack 19. Grant Trust with Master Certificates

Hack 20. Restrict Script Behavior with Policies

Hack 21. Make Yourself Anonymous

Chapter 3. Installation

Section 3.1. Hacks 22-32

Hack 22. Edit Configuration Files

Hack 23. Play With the Preference System

Hack 24. Install Complementary Tools

Hack 25. Migrate Firefox Profiles

Hack 26. Dial Up Automatically on Startup

Hack 27. Fix Web Servers to Support Firefox Content

Hack 28. Prepare Firefox for Wide Deployment

Hack 29. Remotely Manage User Configurations

Hack 30. Install Fonts and Character Support

Hack 31. Take Firefox with You

Hack 32. Work with Filtering Systems

Chapter 4. Web Surfing Enhancements

Section 4.1. Hacks 33-43

Hack 33. Use Fancy Bookmarks

Hack 34. Modify Tabbed Browsing

Hack 35. Govern Image and Ad Display

Hack 36. Get More Search Tools

Hack 37. Get More Feeds and News

Hack 38. Add Stuff to Your Toolbars

Hack 39. Upgrade Firefox Feature Managers

Hack 40. Integrate Firefox with Other Tools

Hack 41. Create Your Own Search Plug-in

Hack 42. Spider the Web with Firefox

Hack 43. Waste Time with Toys and Games

Chapter 5. Power Tools for Web Developers

Section 5.1. Hacks 44-57

Hack 44. Tweak and Troubleshoot CSS Designs

Hack 45. Use Gecko CSS Style Magic

Hack 46. Write Compatible CSS

Hack 47. Update Browser Detection Scripts

Hack 48. Submit Background Form Data

Hack 49. Script Plug-ins

Hack 50. Quality-Assure Your Web Pages

Hack 51. Display HTTP Headers

Hack 52. Stomp on Cookies

Hack 53. Probe HTML with the DOM Inspector

Hack 54. Turn Off Absolutely All Caching

Hack 55. Web Document Debugging Tricks

Hack 56. Debug JavaScript with Venkman

Hack 57. Handle Hangs and Other Bad Juju

Chapter 6. Power XML for Web Pages

Section 6.1. Hacks 58-74

Hack 58. Pick Display Modes for HTML and XML

Hack 59. Get Tools for XML Validation

Hack 60. Mix Content with XML Namespaces

Hack 61. Make MathML Content

Hack 62. Make SVG Content

Hack 63. Use Client-Side XPath

Hack 64. Use Client-Side XSL

Hack 65. Work with Mozilla SOAP Services

Hack 66. Work with Mozilla XML-RPC Services

Hack 67. Work with Mozilla WSDL Services

Hack 68. Make Applications and Extensions with XUL

Hack 69. Make New Tags and Widgets with XBL

Hack 70. Work with RDF Facts

Hack 71. Work with RSS Feeds

Hack 72. Connect SQL to XUL

Hack 73. Generate XUL Using PHP Libraries

Hack 74. Get a Taste of E4X Scripting

Chapter 7. Hack the Chrome Ugly

Section 7.1. Hacks 75-83

Hack 75. Do Groundwork for Ugly Chrome Hacks

Hack 76. Spy on Chrome with the DOM Inspector

Hack 77. Customize Firefox''s Interface

Hack 78. Rebadge Firefox

Hack 79. Make Firefox Match the Desktop

Hack 80. Make a Toolbar That Can''t Be Hidden

Hack 81. Content Filter Without Your Smart Friend Noticing

Hack 82. Add a New XPCOM Component

Hack 83. Add a New Command-Line Option

Chapter 8. Hack the Chrome Cleanly

Section 8.1. Hacks 84-90

Hack 84. Do Groundwork for Extension Development

Hack 85. Study Packages with the Chrome Manager

Hack 86. Create a Chrome Package

Hack 87. Make a Bottom-Up Overlay

Hack 88. Make, Bundle, and Publish an XPI

Hack 89. Build an Installable Theme

Hack 90. Identify Reusable Toolkits

Chapter 9. Work More Closely with Firefox

Section 9.1. Hacks 91-100

Hack 91. Handle Cross-Platform Differences

Hack 92. Get a Custom, Prebuilt Version

Hack 93. Make Firefox Software

Hack 94. Run Multiple Mozilla Browsers

Hack 95. Make Extensions Work Outside Firefox

Hack 96. Turn on Firefox Diagnostics

Hack 97. Find the Right Forum for Your Issues

Hack 98. Survive Bugzilla

Hack 99. Find Out What Has Been Fixed

Hack 100. Help with the Future of Firefox

Colophon

Index

SYMBOL

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Z
توضیحات
افزودن یادداشت جدید






Hack 17. Manage Digital Certificates

Who gives Firefox trustworthy advice? You can
change that set of advisors.

All content from a web site that advertises itself as secure has to
be checked. Secure content must be accompanied by a digital signature
and by a certificate that says whom the digital signature belongs to.
The certificate must originate from a Certificate Authority (an
organization) that Firefox knows. This hack explains how to change
the certificates and Certificate Authorities (CAs) that Firefox
knows about.


2.8.1. Examining Existing Certificates and Authorities


The Firefox Options dialog box lets you manage
digital
certificates. Click the Advanced icon to display that panel, expand
the Certificates item, and click the Manage Certificates... button.
Figure 2-3 shows that window, with the fourth tab
in front.


Figure 2-3. Default certificate authority certificates in Firefox

If you click on any of the rows labeled Builtin Object Token, you can
then examine the certificate by pressing the View button or limit its
use via the Edit button. All of the certificates listed are bundled
with the standard Firefox install. There's little
reason to delete them, but you can if you want. If you do so, that
will restrict the number of secure web sites that Firefox can
successfully visit.

You can also list these certificates from outside Firefox. Copy these
files from the current Firefox profile to a temporary directory:

cert8.db key3.db secmod.db

All three files (cert8.db,
key2.db, and secmod.db) are
required. To see their contents, use signtool [Hack #18], like this:

signtool -L -d"."

These three files contain, respectively,
certificates,
public-key encryption keys, and a list of security modules that
provide
enabling
regimes
for browser
security. An enabling regime is just a starting point for security.
The alphabet soup that describes such regimes includes PKCS #11 and
PSM standards. Implementations of those standards make up the default
(built-in) security regime for Firefox. Other regimes that could be
added (via additional software libraries) include systems that
support smart cards and dongles.

The other tabs in this dialog box contain these details:

Your certificates


Certificates you might use to sign email or other outward-bound
information. Firefox does not use these certificates, but it might
share its profile with another application, such as Thunderbird. They
are sourced locally or from a smart card.


Other people's certificates


Certificates received from inbound information, such as signed email.
Firefox does not use these certificates, but it might share its
profile with another application, such as Thunderbird.


Web site certificates


Certificates stored by user action. If a web site presents a
certificate to the user, and the user both accepts it and tells
Firefox to allow that site in future, then the certificate will be
copied here.




2.8.2. Adding More CA Certificates


Certificates are defined by a range of standards, collectively called
X.509. You can add authoritative CA
certificates to Firefox at any time. The first step is to establish
the credibility of the CA you're going to add.
Don't assume that all CAs are credible. Free
software exists that lets anyone set themselves up as a CA. Once the
CA has delivered (for free) its root certificate, import it.

To import via the GUI, click the Import button in Figure 2-3 and supply the certificate file. Firefox
thinks files with the following extensions are certificates, but you
can identify the file by hand (the extension isn't
important):

.crt .cert .cer .pem .der

The file should be in either in DER or (old Netscape) Base-64
encoding. Firefox can handle chained certificates stored together in
one file, but it might not display all of them before final import.

To import direct from the Web, make sure the CA certificate is served
up with this content type:

application/x-x509-ca-cert

Use this alternate type for web server certificates:

application/x-x509-server-cert

To import certificates using the command line, work on copies of the
cert8.db, key3.db, and
secmod.db security files with the
certutil tool that is bundled with
signtool. Here's a suitable
command-line argument:

certutil -A -n "nickname" -t c -d "." [ -a ] -i new_ca.cert

Use the -a option for Base-64-encoded certificates
only. Note that the -d option requires a space
before its argument. Copy the files back to Firefox afterward.


2.8.3. Rejecting Certificates with CRLs and OSCP


If a certificate owner loses his credibility, he
shouldn't be allowed to use his certificate anymore.
Somehow, the browser user needs to find this out. The browser
displays a warning if it detects a trust request that uses a bad
certificate. But how does the browser know?

Certificate Rejection Lists (CRLs) are
one solution. CRLs are files with formats defined in RFC 2459. Each
list is a set of certificates that a particular CA wishes they could
revoke. Firefox checks all installed CRLs when signed content
requests user trust. None are installed by default. If you have all
the CRLs from all of the CAs Firefox knows about, then the number of
bad folks you'll accidentally trust is much reduced.

One problem with CRLs is that they get out of date. Every CRL should
be brought up to date frequently. Firefox can do that either at set
expiry times in the future or at a fixed regular frequency. The
default frequency if any CRLs are installed is 30 seconds. Some
update information is also stored in the preferences system, but the
details are too gory for this hack.

To collect all the CRLs you need, visit the web sites of all CAs
known by Firefox. Click on all the links to CRLs at those sites. CRLs
are then downloaded and installed. They're detected
using this content type:

application/x-x509-crl

You can also import a CRL from a file if the CA delivers it to you as
an email attachment.

A second solution to bad certificates is Online
Certificate Status Protocol (OCSP). If it's enabled,
Firefox won't check CRLs each time trust is
requested by signed content. Instead, Firefox will send a request to
the URL specified when OCSP was turned on. The server at the other
end (or a proxy server) will report if the trust request includes a
safe certificate or not. If it is, the original content will be
trusted. That's a lot of extra network overhead for
a dial-up connection, though.


/ 164