Firefox Security

Question - I am using the FireFox 1.5 or later browser with the Prizm Viewer. Are there any particular security considerations that I need to consider?

Answer - If you want to use annotations with Firefox 1.5 or later, you must add security settings for Firefox to be able to open local content (on your local hard drive) from your site. Prizm Viewer will request that the browser open a temporary file on your local hard drive when saving annotations. The security settings will be similar to the following:

user_pref("capability.policy.policynames", "localfilelinks");

user_pref("capability.policy.localfilelinks.sites", "http://server");

user_pref("capability.policy.localfilelinks.checkloaduri.enabled", "allAccess");

It is critical that the server URL matches the security settings entries. For the "capability.policy.localfilelinks.sites" value, the value(s) contained within the second quotes must match the syntax that the user will be using to access the images. In the example above, any path on "http://server" will work, any other designation for the same server would not work.

For example, if the URL of the image were "http://server.domain.com/images/image.tif", saving annotations would fail because the designation for the server does not match the setting. Likewise, it would fail if you accessed it using the IP address (http://192.168.1.3/images/image.tif"). If you wanted to be able to access the same image using all three designations, you would need to have the following security setting:

user_pref("capability.policy.localfilelinks.sites", "http://server http://server.domain.com http://192.168.1.3");

Each URL entry should be separated by at least one blank. You can also specify that only certain folders for the server should work, with syntax similar to the following:

user_pref("capability.policy.localfilelinks.sites", "http://server/images http://server.domain.com/images http://192.168.1.3/images");

With this example, only pages within the /images subfolder would be able to open local file links. For more information, please refer to: http://kb.mozillazine.org/Links_to_local_pages_don't_work. Please review the following information to determine if the settings that have been implemented in the steps outlined above are working as expected.

If your settings are correct, it should work. You need to pay special attention to make sure the server name in the URL for the image you are displaying matches the entry in the security settings for the "capability.policy.localfilelinks.sites" setting.

The other item you need to pay attention to is if the Firefox pop-up blocker (or any other pop-up blocker you may have installed) is causing the windows to not work correctly. An easy way to test this is to use the Prizm right-click menu and go to the "Help" link. If the popup blocker is interfering, it will not display the "Help" page in the browser, and if it is the Firefox popup blocker, a status bar will display indicating that it is blocking a popup window.