Troubleshooting P3P may sometimes be very frustrating. There are thousands of mail messages that are posted on the www-p3p-policy mailing list from the webmasters that are working on enabling P3P on their web-sites, but have run into difficulties. In some cases, people simply do not understand the way P3P works, but in other cases the webmasters have partially enabled P3P, but with some details not right.
The first thing that must be done, after enabling P3P on your site, would be to check it, to ensure that this implementation is correct.
The www-p3p-policy mailing list gets a steady stream of messages from frustrated Webmasters who are trying to P3P-enable their Web sites and have run into difficulties. In some cases these Webmasters do not understand fundamental concepts about how P3P works. However, in many cases they actually have come pretty close to successfully P3P- enabling their sites, but something is still not quite right. In this article I review some troubleshooting strategies and list some of the frequent mistakes I have seen people make. For more detail about the entire
Making a Device-Independent Web Requires Improved Communication Between User Devices and Web Servers
One of the W3C's primary goals is Universal Access. Users must be able to use their choice of devices to access Web content, in ways that are appropriate for their hardware capabilities, software, network infrastructure, native language, culture, geographical location, or physical abilities. CC/PP provides a standardized format of the description of information that will allow Web-enabled devices to effectively communicate their capabilities to the
The World Wide Web Consortium (W3C) announces the release of the Composite Capability/Preference Profiles (CC/PP): Structure and Vocabularies 1.0 Recommendation. CC/PP 1.0 is a system for expressing device capabilities and user preferences, using the Resource Description Framework (RDF). Used to guide the adaptation of content, a CC/PP profile describes device capabilities and user preferences.
A W3C Recommendation is the equivalent of a Web standard, indicating that this W3C-developed specification is stable, contributes to Web interoperability, and
Physical Security
The computer running the web server should be kept physically secured in a locked area. Any backup storage media (tapes, removable disks, etc.) should be similarly protected.
Operating system security
Limited services
The services offered by the computer running the web server should be kept to a minimum. This minimizes the threats to the web server, since each network service carries its own risks. By eliminating all nonessential services you eliminate potential holes through which an attacker could break into your system.
1. Place your web server(s) in a DMZ. Set your firewall to drop connections
to your web server on all ports but http (port 80) or https (port 443).
2. Remove all unneeded services from your web server, keeping FTP (but only
if you need it) and a secure login capability such as secure shell. An
unneeded service can become an avenue of attack.
3. Disallow all remote administration unless it is done using a one-time
password or an encrypted link.
4. Limit the number of persons having administrator or root level access.
5. Log all user
RSS/XML