Firefox Hacks [Electronic resources] (text version)


Nigel McFarlane

Hack 19. Grant Trust with Master Certificates

Control secure uses of Firefox completely with
an overriding master certificate.

Web site content can request trusted access to Firefox by presenting
content that is digitally signed [Hack #18] . Trusted access lets the
content break out of the web page sandbox. The user must manually
confirm that they trust the signed content presented before this can
happen. This hack explains how to avoid that manual confirmation.


2.10.1. Master Certificate Concepts


Firefox supports the use of a master certificate. A master
certificate differs from the master password that can be set in the
Options dialog box in the following ways:

Master password


Stored in the Firefox user profile area: one piece of data per user
profile. Provides an overall security check per profile and privacy
for each user.


Master certificate


Stored in the Firefox install area: one JAR file only. Provides an
overall security check for one or more remote websites and secure
access to the browser for those web sites.



In other words, a master password keeps other users out; a master
certificate lets web sites in. Since all this information is stored
on the same computer as Firefox, both can be changed by anyone who
can log in to the computer.

A typical use of a master certificate is for a
vendor, distributor, or deployer to bundle it with a Mozilla-based
product. This gives a distributor a back door through which they can
control the browser's security status. This back
door can be exploited for different reasons, depending on the web
environment:

In a conservative environment


It allows the distributor to create a community of trusted web sites
that all have secure access to the user's browser.
Such a community can aggregate value-added services in the
user's browser.


In a liberal environment


It allows a distributor to insist that security restrictions must
be dropped by those that read either the vendor's
web site or the vendor's friends'
web sites. Such an environment ensures that no user can hold back
from engaging with the rest of the community.



Master certificates are, therefore, a management tool similar to
Firefox's Update Manager, with the following
differences:

The Update Manager requires both dialog boxes and user interaction.
Master certificates work automatically.

The Update Manager provides search, version, download, and install
tools. Master certificates must be deployed by hand.

The master certificate uses fine-grained security. Update Manager is
all-or-nothing.

Scripts trusted via the master-certificate system must still request
the secure access they need. Scripts in updated extensions and
patches are automatically secure.


In both cases, the user must download a URL before any security
checks happen. You can arrange matters so that such checks are
automatic. For example, you can set the home page to a URL that
points to suitably signed content.


2.10.2. Deploying Master Certificates


A master certificate is deployed as a signature on a JAR file. No other
contents are required in the JAR, so it can contain either nothing
(an empty directory) or some dummy content. Just store the
certificate [Hack #17] and sign the nonexistent content normally
[Hack #18]. The JAR file must be named systemSignature.jar (the
filename is case-sensitive).

Do not keep the master certificate inside any of
Firefox's user profiles. That can become very
confusing at runtime. Maintain separate copies of the three
.db files signtool requires,
and keep them in a secure place. At worst, maintain a separate,
dedicated Firefox install or a separate Firefox user profile. Use
that separate configuration for nothing other than maintaining the
master certificate.

Next, place the JAR file in the Firefox install area. It should go in
the same directory as firefox.exe (Windows),
firefox-bin (Linux/Unix), or in the
Essential Files directory on Mac OS X. Restart
Firefox.

To test whether the certificate is working, sign a piece of content
with the master certificate. The content should also use the
netscape.security.PrivilegeManager.enablePrivilege() method
[Hack #18]. Put the resulting JAR file behind a URL. Download it and
confirm that the privileges are automatically granted.

Master certificates can also be wrapped up inside an Extension and
deployed that way.
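
Because a master certificate grants trust without any prompt, it is worth checking managed installs for one. The following is an added example, not code from the book: it inspects a Firefox install directory for the JAR described above and reports its signature entries and a hash to compare against a baseline. The function name `audit_install_dir`, the report fields, and the sample JAR contents are assumptions made for illustration.

```python
import hashlib
import zipfile
from pathlib import Path

MASTER_JAR = "systemSignature.jar"        # exact, case-sensitive name from the text
SIG_SUFFIXES = (".sf", ".rsa", ".dsa")    # signed-JAR signature files under META-INF/


def audit_install_dir(install_dir):
    """Report master-certificate JARs found next to the Firefox binary.

    Returns one dict per file whose name matches MASTER_JAR ignoring case;
    'exact_name' is True only for the case-sensitive spelling given in the text.
    """
    findings = []
    for path in sorted(Path(install_dir).iterdir()):
        if not path.is_file() or path.name.lower() != MASTER_JAR.lower():
            continue
        entry = {
            "path": str(path),
            "exact_name": path.name == MASTER_JAR,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "signature_files": [],   # META-INF/*.sf, *.rsa, *.dsa
            "other_entries": [],     # dummy content, if any
            "valid_zip": True,
        }
        try:
            with zipfile.ZipFile(path) as jar:
                for name in jar.namelist():
                    lower = name.lower()
                    if lower.startswith("meta-inf/") and lower.endswith(SIG_SUFFIXES):
                        entry["signature_files"].append(name)
                    elif not lower.startswith("meta-inf/"):
                        entry["other_entries"].append(name)
        except zipfile.BadZipFile:
            entry["valid_zip"] = False
        findings.append(entry)
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:   # constructed stand-in install dir
        with zipfile.ZipFile(Path(tmp) / MASTER_JAR, "w") as jar:
            jar.writestr("META-INF/manifest.mf", "Manifest-Version: 1.0\n")
            jar.writestr("META-INF/sample.sf", "constructed")
            jar.writestr("META-INF/sample.rsa", b"constructed")
        for finding in audit_install_dir(tmp):
            print(finding)
```

An empty result means no master-certificate JAR sits in that directory; a finding with signature files on an install you did not provision that way deserves a closer look.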


2.10.3. Delegating Trust to Others


The trust that the master certificate provides can be
passed on (inherited, adopted, or added) to other certificates. This
means that content signed with those other certificates can gain full
access to the browser. To do this, content signed by the master
certificate must tell the browser who else should be trusted, using a
special web page JavaScript script.

The netscape.security.PrivilegeManager API
includes two methods that are available only to scripts signed with
the master certificate. These JavaScript methods spread trust to
other certificates. They look like this:

netscape.security.PrivilegeManager.setCanEnablePrivilege(fprint, privs)
netscape.security.PrivilegeManager.invalidate(fprint)

fprint is the SHA1 fingerprint of the other certificate that is to be
trusted (normally, a web site certificate). That other certificate may
or may not be installed in the Firefox certificate database. Any
certificate can be specified, though. privs is a set of space-separated
capability privileges [Hack #20]. MD5 fingerprints are not supported.

To find out the fingerprint of a certificate, either view its details
in the Firefox Certificate Manager, if it happens to be recorded
there, or run these commands, downloaded as part of the Mozilla NSS
package:

# list all known certificates
signtool -L -d "."
# display details for cert. "name"
certutil -L -d "." -n "name"

Scripts delegating trust can also be wrapped up inside an Extension
and deployed that way.


2.10.4. Alternatives to Master Certificates


You don't have to use a master
certificate. There are several alternatives:

Provide a page of links to all content to be trusted and ask users to
spend Friday afternoon clicking on all of them. Get them to save
their choices so that they are never asked again.

Follow the preceding approach for a single user. When finished, copy
the user's updated certificate database to all other
Firefox users' profiles.

Extensions can do anything, and security arrangements are stored in
the Firefox preferences file. You can build a custom security system
as an Extension that sets up whatever security arrangements are
required for normally secure web pages.


