Securing Mashups with Smash
IBM is releasing secure mashup ("Smash") technology into open source through the OpenAjax Alliance. Many developers and security professionals are justifiably concerned about Ajax security, and Smash is an attempt to address the inherent weaknesses of Ajax.
ComputerWorld quotes Rob Smith of IBM:
"[Smash] is a little runtime piece [of code] that works in AJAX. As components come in through gadgets, it can proactively check to see if they are trustable. You'll be able to authenticate these pieces. As they're put on a page and they interact with other widgets on that page, you'll know they came from the right sources at that point."
One of the advantages of this approach is that we no longer need to ban JavaScript to prevent XSS attacks. There are more details in an IBM Research paper (pdf). Thanks to Pathfinder for digging that paper up.



