Andrew Otwell
2005-Dec-05 19:21 UTC
Re: URGENT -- How do I create a privacy policy with, locomotive?
>>> The problem is (or appears to be) that because >>> we don''t have a privacy policy for our website, the corporation won''t >>> permit access to the site (none of the images load, amongst other >>> problems). >>> >>> I have no idea about privacy policies - how to I make that happen? > > If you google for "privacy policy" you will find plenty of examples (and > some companies offering support for constructing privacy policies). > > Sounds as if you have a previously-unidentified stakeholder. Who is > going to accept or reject the privacy policy, and what are their criteria? > > Finally, what has this got to do with Locomotive?The comment about images not loading also should be utterly irrelevant if all you''re missing is a "privacy policy." There''s no way your server would know if you had one of those or not. Are you sure you''re not actually asking how to handle an SSL Certificate, which you might use to enforce some sort of security policy? A "privacy policy" is just a piece of text written by some law-talking guy, usually says "we won''t sell your email address." A "security certificate" is a public/private key that''s actually enforced by software. See here for one explanation: http://www.verisign.com/products-services/security-services/ssl/ssl-information-center/how-ssl-security-works/
Dave Silvester
2005-Dec-05 22:07 UTC
Re: URGENT -- How do I create a privacy policy with, locomotive?
On Monday 05 Dec 2005 19:21, Andrew Otwell wrote:> The comment about images not loading also should be utterly irrelevant > if all you''re missing is a "privacy policy." There''s no way your server > would know if you had one of those or not. > > Are you sure you''re not actually asking how to handle an SSL > Certificate, which you might use to enforce some sort of security policy? > > A "privacy policy" is just a piece of text written by some law-talking > guy, usually says "we won''t sell your email address."I didn''t catch the original post, however, it seems what the OP is asking about is a Platform for Privacy Preferences (P3P) certificate, which as far as I know is an XML file that details the way information on your site is collected and used, and is used by some browsers (IE6+, some Mozilla browsers although I think it''s now depreciated from the standard builds) to determine whether or not a cookie may be set, and so on. I''ve never made a P3P compliant site myself (yet, although quite possibly will do it on the site I''m currently working on), but there''s info here: http://www.p3ptoolbox.org/ http://www.w3.org/P3P/ http://en.wikipedia.org/wiki/P3P Generators: http://www.p3ptoolbox.org/tools/resources1.shtml It seems P3P has quite a lot of critics though: http://www.epic.org/reports/prettypoorprivacy.html https://bugzilla.mozilla.org/show_bug.cgi?id=225287#c12 Specifically, it doesn''t work well because it relies on sites being honest about something that there is no way of the browser testing (what your company does with user''s information), so in some ways can be used to automatically breach trust, if a site just lies outright. It''s not a good scheme from that point of view. Anyway, as for P3P implementation with a Rails site, based on zero research and off the top of my head, I would guess you can do it by using various tools (such as from the generators link above) to make a template, then just translating it to an rxml file (so you''ll have to reverse-engineer the XML template, but I have done this quite a few times now and it''s ridiculously easy). Then just create a very basic controller to display your rxml template - should be something like that anyway, although I have zero experience of actually implementing P3P myself. I also haven''t used Locomotive, so this is just general (potentially wrong) webdev advice. Hope it you helps, anyway! Best, ~Dave -- Dave Silvester Rent-A-Monkey Website Development Web: http://www.rentamonkey.com/
Bruce Balmer
2005-Dec-05 22:22 UTC
Re: URGENT -- How do I create a privacy policy with, locomotive?
Thanks guys. But I am now totally confused. Ignore my original post - it was made out of ignorance and confusion. I built a site in ruby on rails. It is simple and looks beautiful in Safari. My client uses internet explorer and that is what it must run in. No images show up for my client when she tries to run the site. I also got someone outside their organisation to test it to eliminate dud firewalls etc. The site shows no images for them. It works in Firefox too. You might think that this had nothing to do with cookies but when I loaded up MSIE 5.0 for the mac I saw no images either. When I changed the security settings, the images showed up. Now I can''t stop them from showing up even when I return internet zone security to high. Stranger still, I have found out how to stop cookies ever being submitted to the client''s computer but still it does not seem to be working for my client on IE 6.0 The best I can do today is to use IE 5.0 for mac, although I appreciate that it is not the same thing at all. If anyone has come across this before let me know. As for privacy certificates, well it is odd that no one seems to have run into this problem before. According to the MS docs, IE 6.0 ain''t going to work with cookies without them. bruce On 5-Dec-05, at 3:07 PM, Dave Silvester wrote:> On Monday 05 Dec 2005 19:21, Andrew Otwell wrote: >> The comment about images not loading also should be utterly >> irrelevant >> if all you''re missing is a "privacy policy." There''s no way your >> server >> would know if you had one of those or not. >> >> Are you sure you''re not actually asking how to handle an SSL >> Certificate, which you might use to enforce some sort of security >> policy? >> >> A "privacy policy" is just a piece of text written by some law- >> talking >> guy, usually says "we won''t sell your email address." > > I didn''t catch the original post, however, it seems what the OP is > asking > about is a Platform for Privacy Preferences (P3P) certificate, > which as far > as I know is an XML file that details the way information on your > site is > collected and used, and is used by some browsers (IE6+, some > Mozilla browsers > although I think it''s now depreciated from the standard builds) to > determine > whether or not a cookie may be set, and so on. > > I''ve never made a P3P compliant site myself (yet, although quite > possibly will > do it on the site I''m currently working on), but there''s info here: > > http://www.p3ptoolbox.org/ > http://www.w3.org/P3P/ > http://en.wikipedia.org/wiki/P3P > > Generators: > > http://www.p3ptoolbox.org/tools/resources1.shtml > > It seems P3P has quite a lot of critics though: > > http://www.epic.org/reports/prettypoorprivacy.html > https://bugzilla.mozilla.org/show_bug.cgi?id=225287#c12 > > Specifically, it doesn''t work well because it relies on sites being > honest > about something that there is no way of the browser testing (what your > company does with user''s information), so in some ways can be used to > automatically breach trust, if a site just lies outright. It''s not > a good > scheme from that point of view. > > Anyway, as for P3P implementation with a Rails site, based on zero > research > and off the top of my head, I would guess you can do it by using > various > tools (such as from the generators link above) to make a template, > then just > translating it to an rxml file (so you''ll have to reverse-engineer > the XML > template, but I have done this quite a few times now and it''s > ridiculously > easy). Then just create a very basic controller to display your rxml > template - should be something like that anyway, although I have zero > experience of actually implementing P3P myself. > > I also haven''t used Locomotive, so this is just general > (potentially wrong) > webdev advice. Hope it you helps, anyway! > > Best, > > ~Dave > > -- > > Dave Silvester > Rent-A-Monkey Website Development > Web: http://www.rentamonkey.com/ > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails
Steve Ross
2005-Dec-06 00:32 UTC
Re: URGENT -- How do I create a privacy policy with, locomotive?
They''re pulling your leg. IE 6 works fine without privacy policies. Very few sites implement compact privacy policies (I assume you mean *compact* privacy policies). There''s something else going on here because Microsoft will not break existing behavior if they can avoid it; requiring the privacy policy breaks existing behavior in such a big way that it''s like an open invitation: "Mozilla, take all my market share."> As for privacy certificates, well it is odd that no one seems to have > run into this problem before. According to the MS docs, IE 6.0 ain''t > going to work with cookies without them.
Dave Silvester
2005-Dec-06 00:40 UTC
Re: URGENT -- How do I create a privacy policy with, locomotive?
On Monday 05 Dec 2005 22:22, Bruce Balmer wrote:> Thanks guys. But I am now totally confused. Ignore my original post > - it was made out of ignorance and confusion.OK... although I''ve still not seen it! ;-)> I built a site in ruby on rails. It is simple and looks beautiful in > Safari. My client uses internet explorer and that is what it must > run in. > > No images show up for my client when she tries to run the site. I > also got someone outside their organisation to test it to eliminate > dud firewalls etc. The site shows no images for them. > > It works in Firefox too.Perhaps you have a bad server setting of some sort? I don''t know what it could be, but if you post the URL, I will take a look tomorrow. Or, if you could post a sample of the output from the Firefox Live HTTP Headers extension, that might help: http://livehttpheaders.mozdev.org/ Clear everything (cache, cookies etc.), do the initial page load, and post the results to: http://rafb.net/paste/> You might think that this had nothing to do with cookies but when I > loaded up MSIE 5.0 for the mac I saw no images either. When I changed > the security settings, the images showed up. Now I can''t stop them > from showing up even when I return internet zone security to high.That is strange, but IE is a bug-ridden POS, so it could be caused by the phase of the moon or the football scores for all I know! ;-)> Stranger still, I have found out how to stop cookies ever being > submitted to the client''s computer but still it does not seem to be > working for my client on IE 6.0I think you are chasing a red herring of some description, but until I take a look, I can''t tell you why it''s not working.> The best I can do today is to use IE 5.0 for mac, although I > appreciate that it is not the same thing at all.That''s putting it lightly! ;-)> If anyone has come across this before let me know.Please post a URL, if possible - it''s hard to debug this kind of problem without the ability to experiment and see what''s going on. I''m sure it will prove easy to fix though - you''ve probably just slipped up somewhere.> As for privacy certificates, well it is odd that no one seems to have > run into this problem before. According to the MS docs, IE 6.0 ain''t > going to work with cookies without them.Pretty sure, just from first hand experience, that that''s a load of crap. There''s some things you may not be able to do (like cross-domain cookies, I think - not sure, as again, I never use them), but as far as I know, quite a few of my sites use session variables (and hence cookies) and have no P3P certificates, and work just fine in all versions of IE that I''ve ever tried them in. This is not what you think it is... which probably isn''t very helpful! ;-) ~Dave -- Dave Silvester Rent-A-Monkey Website Development Web: http://www.rentamonkey.com/
Jon Evans
2005-Dec-06 11:29 UTC
Re: URGENT -- How do I create a privacy policy with, locomotive?
Hi Bruce, On 5 Dec 2005, at 22:22, Bruce Balmer wrote:> No images show up for my client when she tries to run the site. I > also got someone outside their organisation to test it to eliminate > dud firewalls etc. The site shows no images for them.So, view source, find out the URL being used for the image, and view that URL directly in your browser. Does the URL look correct? Do you get an error message in the browser? Does the image file exist beneath public/ at the correct URL? What is the content of your .htaccess file in your public/ directory? Is the image file readable to the user your httpd runs as? Does anything get written to production.log, fastcgi.crash.log or your apache log files when you browse for the image? Can you post the URL so we can have a look at it for you? Jon
Bruce Balmer
2005-Dec-06 16:47 UTC
Re: URGENT -- How do I create a privacy policy with, locomotive?
Gentlemen: Thank you for your help. Please read the new thread I have started call "Problem displaying images in IE 6. Although a newbie, it is my turn to be helpful. I spent over 12 hours on this problem and it is going to happen to others. I do not know how to post tickets or bug reports but someone should tell me so I can post this. bruce On 5-Dec-05, at 5:40 PM, Dave Silvester wrote:> On Monday 05 Dec 2005 22:22, Bruce Balmer wrote: >> Thanks guys. But I am now totally confused. Ignore my original post >> - it was made out of ignorance and confusion. > > OK... although I''ve still not seen it! ;-) > >> I built a site in ruby on rails. It is simple and looks beautiful in >> Safari. My client uses internet explorer and that is what it must >> run in. >> >> No images show up for my client when she tries to run the site. I >> also got someone outside their organisation to test it to eliminate >> dud firewalls etc. The site shows no images for them. >> >> It works in Firefox too. > > Perhaps you have a bad server setting of some sort? I don''t know > what it > could be, but if you post the URL, I will take a look tomorrow. > > Or, if you could post a sample of the output from the Firefox Live > HTTP > Headers extension, that might help: http:// > livehttpheaders.mozdev.org/ > > Clear everything (cache, cookies etc.), do the initial page load, > and post the > results to: http://rafb.net/paste/ > >> You might think that this had nothing to do with cookies but when I >> loaded up MSIE 5.0 for the mac I saw no images either. When I changed >> the security settings, the images showed up. Now I can''t stop them >> from showing up even when I return internet zone security to high. > > That is strange, but IE is a bug-ridden POS, so it could be caused > by the > phase of the moon or the football scores for all I know! ;-) > >> Stranger still, I have found out how to stop cookies ever being >> submitted to the client''s computer but still it does not seem to be >> working for my client on IE 6.0 > > I think you are chasing a red herring of some description, but > until I take a > look, I can''t tell you why it''s not working. > >> The best I can do today is to use IE 5.0 for mac, although I >> appreciate that it is not the same thing at all. > > That''s putting it lightly! ;-) > >> If anyone has come across this before let me know. > > Please post a URL, if possible - it''s hard to debug this kind of > problem > without the ability to experiment and see what''s going on. I''m > sure it will > prove easy to fix though - you''ve probably just slipped up somewhere. > >> As for privacy certificates, well it is odd that no one seems to have >> run into this problem before. According to the MS docs, IE 6.0 ain''t >> going to work with cookies without them. > > Pretty sure, just from first hand experience, that that''s a load of > crap. > There''s some things you may not be able to do (like cross-domain > cookies, I > think - not sure, as again, I never use them), but as far as I > know, quite a > few of my sites use session variables (and hence cookies) and have > no P3P > certificates, and work just fine in all versions of IE that I''ve > ever tried > them in. > > This is not what you think it is... which probably isn''t very > helpful! ;-) > > ~Dave > > -- > > Dave Silvester > Rent-A-Monkey Website Development > Web: http://www.rentamonkey.com/ > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails