On Wed, Jul 2, 2008 at 8:40 AM, Yaron Avital <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> What are the benefits of using "Caja" in an open-social container?
>
> Obviously it's a code sanitizer that helps remove "malicious" code that was
> written by someone I don't fully trust.
>
> But since the "Open Social" security architecture is based on the browsers'
> cross-domain protection, the malicious code does not have access to the
> container and other applications (an IFrame on domain www.my-Apps-Server.com
> can't access the document that contains it on www.my-social-network.com)
>
> So, why should I be worried about the stuff the application developers' code
> does? What attacks can it possibly perform? What am I missing?

Using an iframe mostly works, but it also severely limits what you can do. Caja gives the container site full control at a highly granular level. A simple example of why iframe security isn't that great is found by looking at gadgets.rpc. If we had caja, we wouldn't need to do any of this stuff.

iframes also have significant performance overhead. To be truly secure, you need to use unique subdomains for every gadget, which means lots of DNS traffic.

Lastly, iframes aren't completely secure. They can't prevent modifying the iframe url to go to a malicious site, which opens the door for phishing. This is the main reason why we still see containers having to rely on white lists of "trusted" apps.

Of course, Caja isn't really ready for use in gadgets yet, so you don't have any choice but iframes.

> I would appreciate a well explained answer on this one
>
> Thanks
>
> Yaron Avital,
> DiffDoof.com
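An added example, not part of the original thread and not code from any OpenSocial container: one way to realize the "unique subdomain for every gadget" isolation the reply mentions is to derive each gadget's hostname from its spec URL and refuse to render it on any other host. The suffix `gadgets.example.com`, the function names and the sample URLs are assumptions made for illustration.

```python
import base64
import hashlib

# Assumed hosting suffix for rendered gadgets (placeholder, not from the thread).
GADGET_SUFFIX = "gadgets.example.com"


def gadget_host(gadget_url: str, suffix: str = GADGET_SUFFIX) -> str:
    """Map a gadget spec URL to a stable, unique hostname under `suffix`."""
    digest = hashlib.sha256(gadget_url.encode("utf-8")).digest()
    # Base32 uses only A-Z and 2-7, so the lowercased label is DNS-safe;
    # 32 bytes encode to 52 characters, under the 63-character label limit.
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return f"{label}.{suffix}"


def may_render(request_host: str, gadget_url: str,
               suffix: str = GADGET_SUFFIX) -> bool:
    """Allow rendering only on the hostname derived from this gadget's URL.

    Two gadgets therefore never share an origin, so the browser's
    same-origin policy keeps their documents and cookies apart.
    """
    host = request_host.strip().lower().rstrip(".")
    host = host.split(":", 1)[0]  # ignore an explicit port in the Host header
    return host == gadget_host(gadget_url, suffix)


if __name__ == "__main__":
    # Constructed sample gadget URLs.
    a = "http://apps.example.org/todo.xml"
    b = "http://apps.example.org/quiz.xml"
    print(gadget_host(a))
    print(may_render(gadget_host(a), a))  # gadget on its own host
    print(may_render(gadget_host(b), a))  # gadget on another gadget's host
```
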

