It depends really on how careful you want to be :) Of course you want to make sure that the gadget can't do any malicious actions on the container (and having them on different domains helps prevent that).
If you also distrust the gadgets so much that you are worried that they might be written to do something undesirable to other random gadgets, well then yes indeed putting them on different domains is a great solution for that, a simple wildcard dns entry and a wildcard apache vhost config makes that simple enough to support. You'd probably want to use the app<appId>.modules.yourdomain.com type host name, so that browser caching functions as expected (since the url's of that certain app will always be consistent), while they can never access any other gadgets. Hope that helps! -- Chris On Wed, Jul 8, 2009 at 9:39 PM, rbruhn <[email protected]> wrote: > > Hello, > > I've spent the day reading as much as I could find about installing > shindig but can't quite find my answers. Hoping someone could help > out. > > I have a social network already running with PHP. > Should I install shindig in /var/www/html/shindig and then create a > virtual host subdomain of my site pointing there? > If so, what about XSS problems when more than one gadget is used on a > single page? Or should I also add a wild card so each gadget can be on > it's own subdomain? > > Sorry if this is listed somewhere... I just could find answers. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Implementing OpenSocial Containers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/opensocial-container?hl=en -~----------~----~----~----~------~----~------~--~---
