Check the full article for a couple of candidate solutions.
However, Helen Wang, a senior researcher in the systems and networking group at Microsoft Research, explains that the same-origin policy fails by forcing "Web applications today to either sacrifice security or functionality." She says that a lot of great functionality, such as that of mashups, comes from using tools from multiple sources. The problem is that when the website creator embeds code written by a third party on her site, the same-origin policy no longer offers any protection, and the embedded code likely has access to information stored on the creator's site. For example, if the creator of a forum embeds a mapping application on her site, the code in the mapping application could potentially access log-in data for the forum. Mashup makers, Wang says, either give up security by accepting those risks and trusting third-party tools, or they give up functionality by denying themselves the use of untrusted tools.
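The trade-off described above comes down to which origin each piece of embedded content actually runs with. The following is an added example, not code from the article; the forum.example and maps.example URLs, the embed list and the function names are constructed for illustration.

```javascript
// Constructed sample: a forum page and the content it embeds.
const PAGE = "https://forum.example/thread/42";
const EMBEDS = [
  { kind: "script", src: "https://maps.example/widget.js" },
  { kind: "iframe", src: "https://maps.example/widget.html" },
  { kind: "iframe", src: "/preview.html", sandbox: "allow-scripts" },
  { kind: "iframe", src: "/profile-card.html" },
];

// Origin = scheme + host + port, which is what the same-origin policy compares.
function originOf(url, base) {
  return new URL(url, base).origin;
}

// Origin the embedded content runs with.
// - <script src>: executes inside the including document, so it takes the
//   page's origin no matter where the file was fetched from.
// - <iframe>: runs with the origin of its own URL, unless a sandbox attribute
//   is present without allow-same-origin, which forces an opaque origin.
function effectiveOrigin(page, embed) {
  if (embed.kind === "script") return originOf(page);
  const tokens = (embed.sandbox ?? "").split(/\s+/).filter(Boolean);
  if (embed.sandbox !== undefined && !tokens.includes("allow-same-origin")) {
    return "null"; // opaque origin, same-origin with nothing
  }
  return originOf(embed.src, page);
}

// Flag embeds that were served by another party yet share the page's origin,
// which is the case where the same-origin policy gives the page no protection.
function auditEmbeds(page, embeds) {
  const pageOrigin = originOf(page);
  return embeds.map((e) => {
    const servedFrom = originOf(e.src, page);
    const runsAs = effectiveOrigin(page, e);
    const sharesPageOrigin = runsAs === pageOrigin;
    return {
      src: e.src, kind: e.kind, servedFrom, runsAs, sharesPageOrigin,
      thirdPartyWithPageAccess: sharesPageOrigin && servedFrom !== pageOrigin,
    };
  });
}

for (const row of auditEmbeds(PAGE, EMBEDS)) {
  console.log(`${row.kind.padEnd(6)} ${row.src} -> runs as ${row.runsAs}` +
    (row.thirdPartyWithPageAccess ? "  [third party with page access]" : ""));
}
```

Only the mapping widget included as a script is flagged: the same widget in a cross-origin iframe is isolated from the forum's data, but it also loses the direct access to the page that makes a mashup useful.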