I was reading your article on HTML5 security. In our company, we are working on a feature to deliver HTML5-based...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
documents to customers, and we are facing an issue regarding the authenticity of the document. PDFs can be signed and, somehow, we are assured of the credibility of the entity that is sending the documents. Is there a way that this can also work for an HTML5 document?
Digital signatures cryptographically bind an electronic identity to an electronic document or message. Signing an electronic document with a digital signature provides the recipient with these assurances regarding the document:
- Authenticity: assurance that the signer is who he claims to be;
- Integrity: assurance that the content has not been changed or tampered with since it was digitally signed; and
- Nonrepudiation: proof of informed consent and approval by the signatory who cannot deny having sent the message.
<title> Meeting Confirmation </title>
<link rel="stylesheet" href=" https://www.yourcompanywebsite.com/css/style.css">
<p>Hi George, </p>
<p>I confirm our meeting tomorrow at <b>10 o'clock</b>.
A malicious insider or hacker with access to the style.css file could modify it to launch an attack. This is why Microsoft Office blocks external content such as images, linked media, hyperlinks and data connections in workbooks and presentations by default to prevent potentially malicious code running without the user's knowledge or consent. The only way to overcome this problem would be to embed the entire content of a HTML5 document into the message, but this would be very arduous in all but a few simple cases. The document above could be rewritten using either inline style attributes or by using the style element in the head section:
<p>Hi George, </p>
<p>I confirm our meeting tomorrow at <b> 10 o'clock</b>.
Ask the Expert: Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)
Find out more about HTML5 mobile app development
Learn how your enterprise can prevent a malware obfuscation technique that uses HTML5
Read about the benefits of having an internal PKI
Dig Deeper on Disk and file encryption tools
Related Q&A from Michael Cobb
A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well...continue reading
Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains ...continue reading
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.