Chapter 29: Security, page 539 (Best web design)

...in such seemingly harmless files as word processor documents. Indeed, Microsoft was caught in this very bind when it inadvertently released a CD-ROM with a Word document containing the Melissa virus.

Cross-Reference: See the section Site defacement at the beginning of this chapter for other ways that your visitor may inadvertently receive malicious code.

E-mail safety

E-mail is the least secure of any of the Internet protocols. As it travels to its destination, it may be spooled on several intermediary servers. If security is weak on a server, it is not difficult for a cracker to read e-mail passing through that server. Send as little critical information as possible via e-mail. That is, never e-mail credit card numbers, and try to avoid sending passwords via e-mail unless absolutely necessary. It is interesting that most existing sites do not adhere to the latter point.

Whenever your site asks for your visitor's e-mail address, it should explain exactly how the address is to be used and to whom it is to be released. Whenever an e-mail address is presented on a Web page, it should be modified so as not to be easily identified by automated search engines picking up e-mail addresses to produce spam. The easiest and most elegant way to do this is to replace the @ symbol by the word at.

Unless absolutely necessary, avoid creating mailto: links. These links are excellent sources of spam addresses and are inconvenient for visitors who do not use their Web browser for sending e-mail.

System administrators

System administrators, also called sysadmins, are the folks who make sure the computers we all use keep on computing and that the Internet keeps on networking. Their jobs are shrouded in mystery: They hold the keys to the mysterious machine room where all the critical servers are stored. It's not unusual to see them hurrying into the office at midnight, surely to avert some crisis that could bring the company to its knees. Sysadmins are also a very cautious lot.
They tend to program their servers to report any unusual activity immediately (often to the large-screen alphanumeric pager they carry at all times) and to take swift, decisive action against anything they deem improper or unsafe.

A professor in a Computer Science department once asked his students, as homework, to break into his Linux desktop. To make things a little easier, he gave the encrypted text of his password (see the description of crypt() in the section Reading arbitrary files). In a testament to the security of the Unix crypt() function, none of the students cracked his desktop. Several of his students were denied access to their campus accounts, however, and questioned by university officials because they were running computationally expensive programs named crack!

If you aren't your own system administrator, but you are concerned about the security of your site, it is probably a good idea to befriend your local sysadmin. He or she can sometimes suggest ways to make your site more secure and can also be an enormous help in recovering from an incident.
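The page check that the E-mail safety section above calls for, as an added example that is not code from the chapter: it audits a page for the two exposures the chapter names (mailto: links and bare addresses in page text) and applies the chapter's own mitigation, dropping the mailto: link while keeping its visible text and writing the @ of each address as the word at. The sample page and the function names are constructed for this example.

```python
import re

# Constructed sample page (not from the chapter): one mailto: link and one bare address.
SAMPLE_HTML = (
    '<p>Questions? Mail <a href="mailto:sales@example.com">sales@example.com</a> '
    'or see the <a href="/about">about page</a>. Abuse reports: abuse@example.net.</p>'
)

# A bare address as an automated harvester would match it in page text.
ADDRESS_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
# An anchor whose href is a mailto: URL; group 1 is the target, group 2 the visible text.
MAILTO_RE = re.compile(
    r"<a\b[^>]*\bhref\s*=\s*['\"](mailto:[^'\"]*)['\"][^>]*>(.*?)</a>", re.I | re.S
)
# Splitting on a capturing group keeps the tags: even indices are text, odd are tags.
TAG_SPLIT_RE = re.compile(r"(<[^>]*>)")


def text_chunks(html):
    """Return only the text nodes, so an @ inside a tag or attribute is ignored."""
    return TAG_SPLIT_RE.split(html)[::2]


def audit(html):
    """List what a spam harvester would collect: mailto: targets and bare addresses."""
    mailto = [m.group(1) for m in MAILTO_RE.finditer(html)]
    addresses = [a for chunk in text_chunks(html) for a in ADDRESS_RE.findall(chunk)]
    return {"mailto": mailto, "addresses": addresses}


def obfuscate_text(text):
    """Apply the chapter's recommendation: write the @ of each address as the word at."""
    return ADDRESS_RE.sub(lambda m: m.group(0).replace("@", " at "), text)


def harden(html):
    """Drop mailto: links (keeping their visible text), then obfuscate addresses in text."""
    without_mailto = MAILTO_RE.sub(lambda m: m.group(2), html)
    parts = TAG_SPLIT_RE.split(without_mailto)
    # Only even-indexed parts are text; tags and their attributes pass through untouched.
    return "".join(obfuscate_text(p) if i % 2 == 0 else p for i, p in enumerate(parts))


if __name__ == "__main__":
    print("before:", audit(SAMPLE_HTML))
    hardened = harden(SAMPLE_HTML)
    print(hardened)
    print("after:", audit(hardened))
```

Running audit() on the hardened output returns empty lists, which is the check to add to a site's publishing step.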
