[NoCat] Pop-Up blockers

Espen H. Koht ehk20 at cam.ac.uk
Sat Nov 24 10:07:39 PST 2007 

Given the associated security risks with this I think a neater  
solution to this is what the University of Cambridge has done with  
their "Lapwing" wireless service. Instead of automatically redirecting  
to the original request from the login confirmation page and then  
popping up a keep-alive window, it is the login confirmation page  
which contains the keep-alive code plus a link to open the  originally  
requested page in a new window, from which you start your web  
browsing. This gets around the pop-up issue since user-initiated  
window creations aren't normally blocked by pop-up blockers. User can  
of course minimise the login confirmation page they way they would the  
classic pop up window, so the fact that it is a normal sized browser  
window isn't much of an issue.

Unfortunately doing this is not a simple configuration change since it  
requires code
changes to NoCat.

Espen


On 24 Nov 2007, at 17:28, Shawn Kondel wrote:

> We found this to be annoyance for our users that have some kind of  
> pop-up blocker whether it be IE7, IE6 w/ XPSP2, FF, or 3rd party, so  
> our solution for time being was to extend the renewal idle timeout  
> to 24 hours (NoCat gateway daemon gets restarted at 1:00am daily by  
> cron job) and take out the renewal popup html code from the  
> login_ok.html file on NoCat authentication server.  In other words,  
> the login user gets access to Internet all day without having to re- 
> authenticate unless the user gets a different IP address later on.   
> This poses some problems when a new user gets the old user's IP  
> address that has already been authenticated. (Temporary solution is  
> the have a bigger DHCP dynamic IP address pool than the average  
> login users.  DHCP server would give the users same IP address as  
> long as possible and would not reallocated old IP address to another  
> user unless all the new IP addresses from the pool are used up)
>
> Another solution (which I am working on) is to modify the gateway  
> source code to monitor packet activities from IPtables and if there  
> any packet in-activities for number of defined minutes, flushed  
> associated IP address from the IPtables chain.  The users would have  
> to re-authenticate again if they tries to get back on again.
>
> The problem I have now is how to deal with users that have browsers  
> with proxy settings enabled.
>
>
> Shawn
> Utah State University IT
>
> -----Original Message-----
> From: nocat-bounces at lists.nocat.net [mailto:nocat-bounces at lists.nocat.net 
> ] On Behalf Of Eduardo Bejar
> Sent: Thursday, October 18, 2007 10:15 PM
> To: nocat at lists.nocat.net
> Subject: [NoCat] Pop-Up blockers
>
> Hi everyone,
>
> I´ve been reading the mailing list archives and haven't found a  
> definitive
> answer about this issue. Regarding pop-up blockers, how are you  
> handling
> the NoCat pop-up window that opens after a user authenticates?
>
> Have you found a way to load this window despite the use of pop-up
> blockers, specially the one included in IE7?
>
> Thanks and regards,
>
> Edo
>
>
>
>
> _______________________________________________
> NoCat mailing list
> NoCat at lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>
>
> _______________________________________________
> NoCat mailing list
> NoCat at lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat

More information about the NoCat mailing list