[2146] in WWW Security List Archive
Re: Framed !
daemon@ATHENA.MIT.EDU (Jacob Rose)
Thu May 23 18:45:03 1996
Date: Thu, 23 May 1996 16:13:22 -0400 (EDT)
From: Jacob Rose <jacob@hummingbird.whiteshell.com>
To: Myllymaki Sakari <Sakari.Myllymaki@tiimi.vnk.vn.mailnet.fi>
Cc: www-security <www-security@ns2.rutgers.edu>
In-Reply-To: <G300214DFBE5000001010001116B0166*@MHS>
Errors-To: owner-www-security@ns2.rutgers.edu
> I have been alerted that somebody is taking credit for our web-pages by framing
> them inside their own pages without asking or giving us credit. Any ideas to
> prevent this?
It seems as though we were just talking about this kind of appropriation
of content (because we were). It really depends on how they're executing
this attack. If they are simply making your URLs the source of their
frames, you can do obvious things like including your organization's name
and logo on the pages, and providing links back to your home page where
appropriate within the context of the documents. If, however, they are
actually filtering your pages, or even just duplicating them (by
downloading all of their components, then reassembling them), your only
true course of action is to take them to court for copyright violation.
In the States, certainly, anything I publish is automatically protected,
whether I include a copyright notice or not, and whether I actually
register the copyright or not (of course, registering entitles you to
compensation from the jerk as well as getting him/her to cease and
desist).
You can stay (or try to) one step ahead of these people by pulling tricks
like setting the "TARGET" value of your anchor tags (ie, links) to one of
the Netscape values that ensures the next document will be loaded at the
root level of the frames (ie, unframed), like "_top". However, they can
redouble their effort and start filtering these things out - if they do
so, though, you can keep their filter from working by specifically denying
service to their domain (or whatever domain you determine they're using to
grab your content). They can't filter the content of your
images without a lot of work, so you might also modify any
images you use in your pages to include your company logo. Ultimately,
though, the tug-of-war will end with you in the mud. Why? Because you
WANT people to be able to get your content.
So, to sum up, you can protect your byline a bit by including your own
name more often (say, in headers and footers), TARGETing your links at the
root frame (or a particular named frame, but keep in mind your antagonists
can change their frame's name to match), denying service to the offensive
domain (at the web server or the router), and using images watermarked or
captioned with your logo.
Jacob Rose "The truth is where the sculptor's
jacob@whiteshell.com chisel chipped away the lie."
