" javascript Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘javascript’

6 ways to improve your web site forms

Wednesday, February 18th, 2015

Web site forms are ubiquitous.  Every site needs them to engage their visitors, collect information, makes sales, etc.  They are easy to add to your site, but not necessarily easy to do right.

Make a quick web form using some generic web site authoring software and put it up on your site and it may work, but you also may have serious issues:

  • Incomplete Forms. Users submitting incomplete forms — e.g. not filling out all of the important fields
  • Invalid Input. Users not entering the “right” information — e.g. not actually putting an email address in the email address field
  • Form Spam Bots. Automated programs may fill out and submit your forms … sending you junk in the form of gibberish or web site URLs they hope you will visit and buy stuff from.
  • Form Insecurity. If your from collects any kind of sensitive information … from passwords to medical data … it could easily be setup incorrectly and allow phishing attacks or data leakage.
  • Stale Forms. You updated your form … but someone just somehow submitted the old version which is not even on the Internet anymore!
  • Connectivity/Server Issues. You don’t want your users to give up because their network is down or your site is down for a few seconds.

All of these problems impact the success of your site — causing everything from annoyance to the inability to contact your sales leads to breaches of privacy.  Fortunately, it is not really hard to plug these gaps and have a solid, productive, and secure web form.

Read the rest of this post »

SecureForm Form Builder Supports Custom JavaScript

Wednesday, May 7th, 2014

LuxSci’s SecureForm service includes “Form Builder,” which allows customers to visually build and host secure web forms… without needing any special software, hosting, or SSL certificates.

The Form Builder service now supports the addition of custom blocks of JavaScript to each of the hosted pages (with jQuery also automatically included).  Using custom JavaScript blocks, customers can now do things such as:

  1. Conditional logic — show and hide parts of the form dynamically
  2. Dynamically load content from external sources using AJAX
  3. Provide complex user interface elements
  4. Implement custom validation scenarios
  5. Anything else you can think of

Custom JavaScript blocks allow developers to extend the pages built by the SecureForm Builder service to do almost anything they would like…. at no additional charge.

Web Form Spam – Block Spam without a Captcha Code

Tuesday, February 4th, 2014

Many contact us forms and comment forms are plagued by “web form spam”.   Automated programs crawl the Internet looking for web forms.  When found, they start submitting spam advertisements through the forms in the hopes that some of the recipients of these form submissions will see the ads and act on them.  Almost nobody does … but the spam still comes and gets worse and worse over time.

Read the rest of this post »

SecureForm: Protect Yourself from Form Post Failures Using AJAX

Thursday, December 22nd, 2011

Case in point — you have an important web-based form and a visitor has spent 30 minutes filling it out.  The visitor presses the “submit form” button and the form post fails (because the visitor has lost Internet connectivity or for any number of other reasons).  The visitor gets some error screen, gets very annoyed, and quits.  Form post lost, data lost, customer feedback, potential sale … lost.

This situation can be prevented and these important form posts saved by using some JavaScript (AJAX) techniques in your web form page.

Read the rest of this post »

Is SSL/TLS Really Broken by the BEAST attack? What is the Real Story? What Should I Do?

Wednesday, September 21st, 2011

Update – January, 2015.  SSL v3 should be turned off.  RC4 is now weak and should not be used anymore, even as a work around to the BEAST attack.  LuxSci recommends to use TLS v1.1+ and NIST-recommended ciphers.  The BEAST is not really considered a significant vector (even with TLS v1.0) compared to other things, anymore.

Update – April, 2012. openssl v1.0.1 is out and it supports TLS v1.1 and v1.2 which help mitigate this attack.  All web sites hosted by LuxSci now use this updated software and are safe from BEAST.  LuxSci recommends using a web host which supports TLS v1.1 and v1.2 for secure web connections.

—-

SSL v3 and TLS v1 are subject to a serious exploit, according to a recently published attack mechanism (called BEAST).  This sounds foundation-shattering and kind of scary. When people see this, as when we did, the first panicky questions that arise are:

  • What is really affected?
  • How serious is it?
  • What can I do to protect myself?
  • How does the BEAST attack actually work?

After researching this issue, we have digested what we have found and produced this article to answer all of these questions for you.

Read the rest of this post »

JAVA Applets Debut in LuxSci WebMail

Monday, January 26th, 2009

LuxSci has added plug-ins to its WebMail application in version 10.10 of LuxSci’s software which includes two JAVA applets.  So, were we hesitant to add JAVA applets, FLASH, ActiveX, and other plugins in the first place?  And why the sudden change of heart?  What does this mean for our customers who are concerned about security or who do not want or cannot use JAVA applets?

Read the rest of this post »

Mobile WebMail Gets a Facelift

Saturday, January 17th, 2009

LuxSci has completed updates to its "Xpress" WebMail portal that enable it to look and perform well on mobile devices, like the iPhone, Blackberry and other PDAs and smart phones.  With this release, all of the the most used features of the Xpress interface are mobile accessible; the remaining pages (like personal preferences) will be revised in the coming months.

Login to our Xpress mobile portal directly by going to: http://luxsci.mobi

Mobile users can generally also use POP or IMAP for checking their LuxSci email and SMTP for sending email.  The Xpress portal provides a additional mobile-compatible web-based interface.

The significant updates to the Xpress mobile WebMail portal include:

Read the rest of this post »