Security
Security Features in Web Browsers
Posted by Moxietype

Below are security features that have been tested in the following web browsers:

  • Mozilla Firefox (version 1.5.0.4 running on Windows XP SP2)
  • Microsoft Internet Explorer (version 6.0 running on Windows XP SP2)
  • Safari (version 2.0.3 running on Mac OS X version 10.4.6)

Mozilla Firefox

Mozilla Firefox features an option to Clear Private Data; this option can be found under the Tools menu. The following data can be cleared:

  • Browsing History
  • Saved Form Information
  • Saved Passwords
  • Download History
  • Cookies
  • Cache
  • Authenticated Sessions


There are check boxes to turn the above options on or off. The options that are turned on to clear by default are Browsing History, Cookies, Cache, and Authenticated Sessions.

The Clear Private Data option can also be used through Options under the Tools menu. Once in Options, the private data can be cleared individually through the Privacy tab.

The Clear Private Data option can be set to clear private data when Mozilla Firefox closes. This can be done through Tools –> Options –> Privacy tab –> Settings button, and then ticking the box that says Clear private data when closing Firefox.

Microsoft Internet Explorer

Microsoft Internet Explorer has its security features in Internet Options which can be found under the Tools menu. The security features include:

  • The General tab
      1. Deleting cookies and temporary internet files
      2. Clearing the browser history
  • The Security tab
      1. Internet security level – by default this is set to Medium: the browser prompts before downloading potentially unsafe content, and unsigned ActiveX controls will not be downloaded. The custom level allows the user to adjust the security level to High, Medium, Medium-low, and Low. Each of these levels changes various security settings.
      2. Local intranet security level – by default this is set to Medium-low: most content will be run without prompts and unsigned ActiveX controls will not be downloaded. This is the same as Medium, which is the default for Internet security, only without the prompts. The custom level allows the user to adjust the security level to High, Medium, Medium-low, and Low.
      3. Trusted sites security level – by default this is set to Low: minimal safeguards and warning prompts are provided, most content is downloaded and run without prompts, and all active content can run. The custom level allows the user to adjust the trusted sites security level to High, Medium, Medium-low, and Low.
      4. Restricted sites security level – by default this is set to High: less secure features are disabled. The custom level allows the user to adjust the restricted sites security level to High, Medium, Medium-low, and Low.
  • The Privacy tab
      1. Settings – by default the privacy settings are set to Medium, which blocks third-party cookies that do not have a compact privacy policy, blocks third-party cookies that use personally identifiable information without your implicit consent, and restricts first-party cookies that use personally identifiable information without implicit consent. The Sites button allows the user to add sites that are allowed to use cookies.
      2. Pop-up blocker – by default the Block pop-ups check box is ticked. There is a Settings button that allows the user to add sites that are allowed to use pop-ups (the pop-up blocker option is not available in WTS).
  • The Content tab
      1. Certificates – the Clear SSL State button clears the SSL cache; the Certificates button lists the Intermediate Certificate Authorities, the Trusted Root Certification Authorities, the Trusted Publishers and the Untrusted Publishers.
      2. Personal information – AutoComplete stores previous entries and suggests matches for the user. The AutoComplete button allows the user to turn on AutoComplete for web addresses, forms, and usernames and passwords on forms. The user can also clear forms and clear passwords from the AutoComplete button.


Safari

Safari features an option for Private Browsing; this option can be found under the Safari menu. The Private Browsing feature ensures that private data is cleared from the browser; this is similar to the Clear Private Data feature in Mozilla Firefox, only the user has to turn the Private Browsing feature on before browsing whereas the Clear Private Data feature can be used after the browsing has occurred. The following data will not be saved when the Private Browsing feature is selected:

  1. Web pages are not added to the history.
  2. Items are automatically removed from the Downloads window.
  3. Information is not saved for AutoFill (including names and passwords).
  4. Searches are not added to the pop up menu in the Google search.


Until the Safari window has been closed users can still click the Back and Forward buttons to return to web pages that have been opened.

When turning on Private Browsing, a box pops up asking if the user is sure that they want to turn on Private Browsing; users can click either Yes or No.

Safari also gives users the following options:

  1. Clear History – this option can be found under the History menu.
  2. Empty Cache – this option can be found under the Safari menu.
  3. Turn on/off AutoFill for usernames and passwords, and forms – this option can be found under the Safari menu in Preferences under the AutoFill tab.

The easiest and fastest way to clear the private data is to Reset Safari which deletes all stored sessions, passwords, history and cookies.


Web Site Optimization
Google Hot Trends
Posted by Moxietype

One can pinpoint the direction your dynamic site is going on the search engines by analyzing the keyword activity. Below is an article on Google Hot Trends that I found interesting from the Digital Trends.

We don't want to imply that readers are the sort of folks who have to know what everyone else is searching for on the Internet, so, like, they can search for it too, but we thought we would note the launch of Google Hot Trends, a new service from the search engine giant which tracks the 100 fastest-rising search queries in the United States.

The new feature replaces the weekly Zeitgeist list Google has been producing for the last several years—although the company promised to continue compiling monthly summaries for each country, along with yearly wrap-ups. Instead of the weekly Zeitgeist, Google Hot Trends presents the hottest current search terms in what Google characterizes as "very close to real time." The listing is updating repeatedly throughout the day, and users can watch hot queries shift around as news breaks, celebrity gossip leaks, current events unfold, and the whims of cultural consciousness change.

Google says the Hot Trends are not the terms people are looking for most frequently—of course, many of those search terms are boring ("myspace", "ipod," "games", "weather", etc.) or things Google doesn't necessarily want to publish. Instead, Google analyzes search queries and presents searches that are deviating the most in relationship to the past traffic. So, if a search term paddles along with a few hundred queries a day and suddenly jumps to a million queries a day, it's deviated significantly from its past search pattern and might pop up on Google Hot Trends.

For each search term in the Hot Trends list, Google will pull up results from Google News, Blog Search, and web search; Google also displays the "hotness" of search terms by country, U.S. states, and cities. Users can also use Google Trends to compare search queries against each other, and see how they fare across regions.

Of course, search terms must have enough search volume to provide data for Google Trends—which means most people won't be able to "egosurf" Google Trends using their names. Maybe Google will create that feature in the future.

That said, if one wonders why he doesn't get enough traffic from the search engines, he should reevaluate the interest in his topic within the general public.

Security
Encryption
Posted by Moxietype

Sensitive information often is stored on database servers and other storage facilities for later retrieval. At this point, it is critical to have at your disposal a facility that allows you, as a developer, to secure that data at storage time and retrieve the information you are looking for when you need it.

PHP offers an extension that allows developers to use the Mcrypt Library (mcrypt.sf.net) to secure data by encrypting it and later decrypting it. The documentation of the Mcrypt extension for PHP is located at http://www.php.net/mcrypt, and it should be studied carefully before implementation.

The Mcrypt extension supports an impressive array of algorithms, including triple-DES, Blowfish, Twofish and Two-Way. Using the Mcrypt extension is not a very intuitive process if you are not familiar with encryption; it can become quite confusing because of the variety of block algorithms and encryption modes available.

Read the full article at Linux Journal with a sample of a typical use of the Mcrypt extension.


Security
PHP Safe Mode
Posted by Moxietype

PHP's Safe mode is something you should learn to work with whether you are a PHP developer or a system administrator. Safe mode is a set of configuration options that allow the system administrator to alter the behavior of the PHP interpreter by implementing security measures. From a system administrator's point of view, this means you must learn how to implement this feature properly, without making it impossible for developers to set up their applications on your server. From a developer's point of view, you must learn what possibly could get broken in your application if this feature is turned on.

Read the rest of this story »


E-Commerce
Blogging for Business 2
Posted by Moxietype

Great article from the Wall Street Journal about how small businesses can benefit directly from blogging to increase their customer base through search engine optimization. As the Wall Street Journal says so eloquently, "Blog It and They May Come."

Read more at WSJ...


E-Commerce
Blogging for Business 1
Posted by Moxietype

"Adding a blog that's updated regularly can offer several benefits. It may establish you as an expert in your industry, but it's also more likely to generate links to your Web site from other sites. Getting other sites to link to yours in turn will boost your site's ranking on search engines."

Read more at WSJ...


E-Commerce, Usability
Top ten mistakes of shopping cart design
Posted by Moxietype

Summary: A list of common mistakes with e-commerce shopping cart design was identified in a previous issue of Usability News. This article revisits that list and reviews how 500 of the top Internet retail sites of today implemented their shopping cart design.

I found this part particularly amusing:

"6. (2002) Requiring a user to REGISTER before adding an item to the cart. Some sites we have tested require a user to register with personal information before an item can even be placed into the cart! This is a turn-off to users who may be browsing or comparison-shopping. They may or may not purchase the items, but they definitely do not want to commit personal information just to fill the shopping cart and will leave the site because of it.

(2007) Users still encounter this and hate it! In a recent SURL usability study of a high tech corporate website, users complained bitterly of having to register on the site before they could read a company white paper. Most said they would rather search the web for another way to access the same information rather than register with their personal information. Even requesting an email address (and not personal address info) is a deterrent."

Figure 10. Unique graphical symbols used to remove an item from the shopping cart. The minus sign (cdw.com), the "X" symbol (simondelivers.com), and the trash can (solidsignal.com).

Read the full article from Software Usability Research Laboratory.


Security
Why do we need cookies
Posted by Moxietype

If Oreo or Girl Scouts' cookies come to your mind, it means that you have to read this little explanation of why we need them.

Technically, cookies are arbitrary pieces of data chosen by the Web server and sent to the browser. The browser returns them unchanged to the server, introducing a state (memory of previous events) into otherwise stateless HTTP transactions. Without cookies, each retrieval of a Web page or component of a Web page is an isolated event, mostly unrelated to all other views of the pages of the same site.

Source: Wikipedia

It is absolutely necessary to use the cookie in order for a Web server to identify the user as a legitimate logged-in user in a recorded PHP session. The same applies when you do your online banking or shop at Amazon.com.
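
The round trip described above, as an added example that is not part of the original post: a small Python simulation in which the server issues an opaque session ID in a cookie, the browser returns it unchanged, and the server uses it to recognize the logged-in user. The cookie name `SESSID`, the in-memory `SESSIONS` store and the function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}           # server-side state: session ID -> username
COOKIE_NAME = "SESSID"  # assumed cookie name for this example


def login(username):
    """Server: create a session, return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)  # opaque, unguessable, chosen by the server
    SESSIONS[sid] = username
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True   # hidden from page scripts
    cookie[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
    cookie[COOKIE_NAME]["samesite"] = "Lax"  # withheld on most cross-site requests
    return cookie[COOKIE_NAME].OutputString()


def browser_cookie_header(set_cookie_value):
    """Browser: store name=value and send it back unchanged, minus attributes."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    return "; ".join(f"{name}={morsel.value}" for name, morsel in jar.items())


def whoami(request_headers):
    """Server: map the returned cookie to a user; None if missing or unknown."""
    jar = SimpleCookie()
    jar.load(request_headers.get("Cookie", ""))
    morsel = jar.get(COOKIE_NAME)
    return SESSIONS.get(morsel.value) if morsel else None


def logout(request_headers):
    """Server: drop the session so the old cookie value stops working."""
    jar = SimpleCookie()
    jar.load(request_headers.get("Cookie", ""))
    morsel = jar.get(COOKIE_NAME)
    if morsel:
        SESSIONS.pop(morsel.value, None)


if __name__ == "__main__":
    header = browser_cookie_header(login("alice"))  # constructed sample user
    print(whoami({}))                  # no cookie: request is anonymous
    print(whoami({"Cookie": header}))  # cookie returned: user recognized
    logout({"Cookie": header})
    print(whoami({"Cookie": header}))  # session destroyed server-side
```

Because the server trusts whoever presents the value, the session ID has to be unguessable and the cookie should carry the `HttpOnly` and `Secure` attributes, as set in `login`.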