Turn: A Brief Introduction to p3p Technology

Source: http://blog.csdn.net/ghj1976/article/details/4889219

Internet Explorer is used as an example. By default, Internet Explorer's privacy policy is set as follows:

(Figure 1)

Note this one:Prevent saving third-party cookies that can be used to contact you without your explicit consent.

Let's first demonstrate how this article works:

Site B .com has such a webpage: http:// B .com/WebApp_P3P/p3p.htm

The source code of this page is as follows:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
In this source code, IFRAME contains a page of the.net site. At this time, the first site is B .com, and the third site is a.net.
The http://a.net/WebApp_P3P/a_setcookie.aspx function is very simple, is to write a long-term preservation of the cookie, the Code is as follows:
<% @ Page Language = "C #" autoeventwireup = "true" %> <! Doctype HTML public "-// W3C // dtd xhtml 1.0 transitional // en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"> <SCRIPT runat = "server"> protected void page_load (Object sender, eventargs E) {httpcookie Hc = new httpcookie ("ghj", String. format ("AAAA _ {0 }_{ 1}", datetime. now, request. URL); HC. domain = ".a.net"; HC. expires = datetime. now. adddays (14); HC. path = "/"; response. cookies. add (HC); response. write ("aaaa ");} </SCRIPT> <HTML xmlns = "http://www.w3.org/1999/xhtml"> 
(Figure 2)
Note: As shown in figure 3, double-click the icon to view the following form.
(Figure 4)
We also write a page http://a.net/WebApp_P3p/a_getcookie.aspx to get the cookie, the Code is as follows:
<%@ Page Language="C#" AutoEventWireup="true" %><!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"><script runat="server">    protected void Page_Load(object sender, EventArgs e)    {        if (Request.Cookies.AllKeys.Contains<string>("ghj"))            this.Label1.Text = Request.Cookies["ghj"].Value;        else            this.Label1.Text = "null";    }</script>
We first visit the http:// B .com/WebApp_P3P/p3p.htm; then visit the http://a.net/WebApp_P3p/a_getcookie.aspx page and we will find that there is no cookie.
Similarly, we use the following methods to create cookies on a third-party website.
<SCRIPT src = "http://a.net/WebApp_P3P/a_setcookie.aspx"> </SCRIPT>  <! -- No third-party website can write cookies as long as it is accessed by any third-party website. Here we only list several common methods -->
In the above demonstration, you can also perform this operation on your local machine. You only need to make the following modifications:
Run the following command notepad C:/Windows/system32/Drivers/etc/hosts to open the hosts file. Make sure that the following two lines are added to the hosts file:
127.0.0.1 a.net
127.0.0.1 B .com
What if I solve this problem?
A very simple solution is to modify the http://a.net/WebApp_P3P/a_setcookie.aspx file and add the following line of code in it:
Response.Headers.Add("P3P", "CP=/"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR/"");
 
This line of code is a simple p3p application. What is p3p?
P3p (Platform for privacy preferences) is a privacy protection recommendation standard published by W3C (World Wide Web Consortium. Microsoft Internet Explorer 6 (IE6) is the first browser to support this new privacy standard. Firefox does not currently support the p3p security feature. With p3p, you can set the browser to automatically detect whether a website collects personal identity information, use this information to create user files, or allow visitors to reject data collection.
A Browser With the p3p capability has some default options available for you to choose from. You can also customize your settings by answering questions (for example, which data you are willing to share and what types of cookie files you are willing to accept. When you browse the Web, the software determines whether your privacy preferences match the website's data collection practices.
Browsers with p3p capabilities will pay special attention to cookies. Cookie is a piece of text stored on your computer's hard disk. It allows web applications to respond to you in an individual way. By collecting and memorizing your preference information, web applications can modify their operating modes based on your needs, interests, and dislikes. Using a browser with p3p capabilities, you can choose whether to accept various types of cookies, such as staged (temporary), permanent, within or outside the specified domain (third-party ), and whether there are any special "p3p Compact Policy" files. The simplified p3p policy describes the attributes of a given cookie.
For the above, Internet Explorer is reflected in the setting of browser privacy in the first figure in this article. In the further settings, in figure 4, we select the site and click the summary button to view the following information:
 
(Figure 5) Select the site and click the summary button.

(Figure 6) Privacy Policy Adjustment window
 
Technically, p3p includes two components: one on the server side and the other on the client side to form a user proxy. When a user logs on to the website, the server component automatically generates an XML-based personal processing policy for the user according to the requirements of the website. This is like a public notice posted outside the shop window, the client component provides this "Public Notice" to users.
In the above example, what is the meaning of Cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP cor in the Privacy Policy. Fiddler is easy to know. In Fiddler, we can see the following information:
Response sets a cookie:
Set-COOKIE: ghj = aaaa_2009/11/27 15:55:56 _ http://a.net/webapp_p3p/a_setcookie.aspx; domain = .a.net; expires = Fri, 11-dec-2009 07:55:56 GMT; Path =/
P3p header is present:
CP = "Cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP cor"
Compact Policy token is present. A trailing 'O' means opt-out, a trailing 'I' means opt-in.
Cura
Information is used to complete the activity for which it was provided.
ADMA
Information may be used for the technical support of the web site and its computer system.
Deva
Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market.
Psao
Information may be used to create or build a record of a particle individual or computer that is tied to a pseudo donymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. this profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals.
Psdo
Information may be used to create or build a record of a particle individual or computer that is tied to a pseudo donymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. this profile will be used to determine the habits, interests, or other characteristics of individuals to make a demo-that directly affects that individual, but it will not be used to attempt to identify specific individuals.
Our
We share information with ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.
Bus
Info is retained under a service provider's stated business practices. sites must have a retention policy that establishes a destruction time table. the retention policy must be pinned in or linked from the site's human-readable privacy policy.
Uni
Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include Identifiers issued by a Web site or service.
Pur
Information actively generated by the purchase of a product or service, including information about the method of payment.
Int
Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity.
DEM
Data about an individual's characteristics -- such as gender, age, and income.
Sta
Mechanic ISMs for maintaining a stateful session with a user or automatically recognizing users who have visited a particle site or accessed particle content previusly -- such as HTTP cookies.
Pre
Data about an individual's likes and dislikes -- such as favorite color or musical tastes.
Com
Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system.
NAV
Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.
OTC
Other types of data not captured by the above definitions.
Noi
Web site does not collected identified data.
DSP
The Privacy Policy contains disputes elements.
Cor
Errors or wrongful actions arising in connection with the privacy policy will be remedied by the Service.
Validate at: http://www.w3.org/P3P/validator.html
Learn more: http://www.fiddler2.com/redir? Id = p3pinfo
P3p this HTTP header has a lot of combinations of writing, it is very painful to write, through the following connection http://www.w3.org/P3P/details.html you can find some p3p Policy Generator software package. (Although you may find more search results on Google, it seems that only IBM's p3p Policy Editor is available for free .)
 
Note:
The development site (ASP. NET development server) that comes with Visual Studio does not support this function. It reports an error: this operation requires IIS integrated pipeline mode.
 
References:
Use p3p to solve third-party Cookie Access Problems
Http://www.javaeye.com/topic/94336
IBM p3p Policy Editor
Http://www.alphaworks.ibm.com/tech/p3peditor
How to configure IIS to use platform for privacy preferences (p3p)
Http://support.microsoft.com/kb/324013/en-us
How to deploy p3p privacy policies on your web site
The http://msdn.microsoft.com/en-us/library/ms537341 (vs.85). aspx
Add a custom HTTP Response Header (IIS 7)
Http://technet.microsoft.com/en-us/library/cc753133 (ws.10). aspx
Private parameter selection platform-p3p (about cookies)
Http://www.yxl.cn/Info/20060302,212041,5095.html
Use p3p
Http://welcome.hp.com/country/cn/zh/privacy/p3p_popup.html
 
Use p3p header to solve IFRAME cross-origin access Cookie/session
Http://blog.csdn.net/Hashxu/archive/2009/01/02/3684402.aspx
Use p3p to pass cookie across domains
Http://hi.baidu.com/thinkinginlamp/blog/item/5e2a02084f1dafd163d9865f.html
Use p3p to solve cookie cross-origin problems in IFRAME
Http://blog.ntsky.com/p3p-iframe-cookie.html
Set the p3p header to implement cross-origin access cookie
Http://blog.c114.net/html/38/193738-35549.html
 
P3p
Http://www.hudong.com/wiki/p3p
Cookie, IFRAME, and p3p
Http://www.dbanotes.net/web/cookie_p3p.html
Firefox help: Firefox's cookie options
Http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
IE session loss: IFRAME loss in IE
Http://wangzi6hao.javaeye.com/blog/531524
Turn: A Brief Introduction to p3p Technology