Web Page Security: Securing Web Pages against Piracy / Theft
Securing web pages and content with DRM Security
What is web page security?
When we talk about web page security we may be talking about a number of different things all at the same time. In fact, thanks to the IT security industry, who have confused everyone with the idea that web page monitoring services and the use of SSL are all you need to know about web page security.
Of course it is obvious to anyone that there is a lot more to web page security than that. In fact, it is amazing (or even frightening) that so little has been said about the real requirements for web page security, unless, of course, it happens to be that they have no products to provide web page security, so they simply do not bother to tell people what their likely requirements are because they have nothing to sell.
The first part of securing web pages is being able to assure the recipient of a web page that it really did come from the web site they think it did. All too often these days, phishing attacks are based upon people being misled into using a web site that is not the real site of the organization, but a fake site that looks almost as good.
We note educational articles published by ArticSoft Technologies which discuss in some detail the problems with Internet fraud, the requirements for secure web pages and the kinds of requirements that need to be met if you want to have real security.
Apart from knowing where the web page that you are looking at came from, you also need to know that the information is genuine, and has not been altered. Now that is much more complicated than knowing where a web page came from. But if you are providing information that you sell directly from your web site maybe it is important to both you and your customers that they are certain that the information really did come from you and that it is real (correct, accurate, credible and so on).
Finally, from the publisher’s point of view, you may wish to be certain that the web pages can only be seen by those duly authorized to see them. Whether this is a price list for resellers or the Members only area of a web site that is only available to people who have paid a subscription in order to see information does not matter. The principles are the same. If you are not authorized then you may not use the information. That must be web page security.
Since there are currently no general purpose web page security services (the company ArticSoft Technologies that we mentioned earlier did propose a product for web site and content verification using cryptography) we have created our own approach to ensuring that information on web pages is correct, comes from the authorized location, cannot be forged, and can only be used by those properly authorized to use it.
It does not matter what the web content is (provided it is html, flash, jpeg, tiff and gif) it can be protected so that authorized users can be certain that it could only possibly come from the correct location, and the content must be exactly what was published and has not been altered by a hacker. Because that is what web page security is actually about.