Web Hosting Forum | Lunarpages

Author Topic: iFrame defense - how important is it ?  (Read 8053 times)

Offline scooternh

  • Trekkie
  • **
  • Posts: 10
iFrame defense - how important is it ?
« on: March 15, 2014, 01:37:10 PM »
There are two issues here, one is intellectual property, the other is protecting my users.

I recently found a site that was creating an iFrame and loading my entire site into it. The result was that a user who clicked their link trying to get to my site was served their page, with my site embedded in it. Users could not bookmark my site, and clicking links on my site remained within the iFrame. So in terms of intellectual property, my site was being "stolen".

The second issue is that apparently there is an exploit called click-jacking which uses iFrames - in this scenario, a site is loaded into an iFrame as 'bait' and overlaid with an invisible page that has links that get activated when the user tries to access the 'bait' page.

I found that modern browsers will refuse to display a page in an iFrame if the page has the x-frame-options="DENY" setting in the page header - easy to do with .htaccess in Apache.
There is another defense using javascript, but that defense can be broken. Apparently this one can't (so far).

SO: (sorry about all the background) ...my question is - how important is this to you as a webmaster / content creator?

I sort of stumbled on it by accident; it seems like something that should be part of every 'how to secure your site' FAQ.

Thanks for comments

Offline mikewashtm

  • Intergalactic Cowboy
  • *****
  • Posts: 52
Re: iFrame defense - how important is it ?
« Reply #1 on: March 18, 2014, 04:15:05 AM »
Hi. I'm new. It might be tough to roll that one out in the first place and this needs a lot of testing yet. For sure, if not properly planned, you get a lot of angry customers not being able to view the page.
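
A check a webmaster could run while testing such a rollout, to see which framing policy a page's response headers actually give a browser. This is an added example, not part of the forum thread: the function names and sample headers are constructed, and it also covers the CSP `frame-ancestors` directive, which goes beyond the X-Frame-Options header discussed above.

```python
# Added example (not from the thread). Sample headers are constructed.
# Apache .htaccess line that produces the "deny" case (requires mod_headers):
#   Header always set X-Frame-Options "DENY"

def _frame_ancestors(headers):
    """Source list of the first CSP frame-ancestors directive, or None if absent."""
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None

def framing_verdict(headers):
    """Classify (name, value) response headers: deny, same-origin, allowlist, framable."""
    sources = _frame_ancestors(headers)
    if sources is not None:
        # When frame-ancestors is present, browsers ignore X-Frame-Options.
        if not sources or sources == ["'none'"]:
            return "deny"
        if "*" in sources:
            return "framable"
        return "same-origin" if sources == ["'self'"] else "allowlist"
    values = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            values.update(v.strip().lower() for v in value.split(",") if v.strip())
    if len(values) > 1 and values & {"deny", "sameorigin", "allowall"}:
        return "deny"      # conflicting values: the HTML Standard says block
    if values == {"deny"}:
        return "deny"
    if values == {"sameorigin"}:
        return "same-origin"
    return "framable"      # missing, misspelled, or obsolete ALLOW-FROM

SAMPLES = {  # constructed header sets, one per rollout mistake worth catching
    "deny": [("X-Frame-Options", "DENY")],
    "typo": [("x-frame-options", "DENNY")],
    "legacy": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "csp-wins": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'"),
                 ("X-Frame-Options", "DENY")],
    "none": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:10} -> {framing_verdict(hdrs)}")
```

A "framable" verdict on a page that was meant to be protected, or a "deny" on a page that a partner legitimately embeds, is the kind of surprise worth finding before customers do.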

