Latest News

How Not To Make Your Blog Private

By SelvaKumar 8:21 AM , , , , , ,
Blog owners have been asking, for years, how to protect their blogs against viewing by undesired or unknown readers.
How do I password protect my blog?
When told that Blogger password protection involves membership invitations, accepted using a Blogger Google account, some would be private blog owners decline the suggestion.
That's too complicated for my readers! Can't I just give everybody a password?
But Blogger does not use common passwords.

Some blog owners, who are technically astute, find add on template code, provided by third parties - which demands a password, in a popup window, to continue. This is where their problems start.

The addition of third party supplied JavaScript code, to our blogs, has always been a dodgy process.

With third party JavaScript code used to provide password protection against unknown readers, this is even more hazardous to your blog. From time to time, we have a blog owner who installed password protection code in his blog template - and subsequently found his blog locked.
I received email saying that my blog has been removed, and has been marked as spam. The email is as follows:
Your blog has been reviewed and confirmed as in violation of our Terms of Service for: MALICIOUS_JAVASCRIPT. In accordance to these terms, we've removed the blog and the URL is no longer accessible.
Can you please review and unlock my blog?

But the story does not end there. Subsequent review of the blog was denied, by Blogger Support.
Your password prompt is not dismissable - and forces users to close their entire browser session, as the Cancel button does nothing. This is malicious behavior, and prevents anyone one on our team from even reviewing your blog content.
This leaves the blog owner with a deleted / locked blog, and no chance of getting the blog back.

Besides the potential threat above, which becomes actual only after spam classification detects the add-on code as malicious, any security expert will recognise two reasons why this solution is worthless.
  1. JavaScript code can be blocked, by any reader with a well implemented security policy.
  2. If not blocked, anybody can view source code and find the "password" right there, in plain sight.
This "solution" is therefore worthless for two reasons.
  1. It is risky.
  2. It does not work.

Why risk loss of your blog, for a risky solution that does not work? There's only one way to protect your blog from unknown readers.
  1. Send each would be blog reader a membership invitation, using the Permissions wizard.
  2. Instruct each reader to open and accept the invitation, using any preferred Blogger account.
Don't script your blog, and risk deletion - and incidental damage.
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code