Using Widgets on your site can be very dangerous

March 17th, 2008 - Posted in Concepts, Widgets |

There are many technologies that can be used to display remote content on your site.

Basic examples

  • Iframe tags to create a little box and display a remote website.
  • Flash can grab remote data and use it as variables
  • Ajax can also grab data and use a variables
  • Json with javascript can access and return variables

burglar robbing a homeWhen you get out of the simple remote data display and want to start interacting with remote websites, you run into many security restraints. Of course, the security restraints are to protect your website, but they are not to be fully trusted.

Just like a home security system. They work well, but if someone REALLY wants to break in, they will…just depends on how much time and effort they are willing to spend. The internet is a little more complicated. A hacker can make an attack that will work on any website that has a vulnerability. Imagine if a burglar was able to break into every home that had an open window, at the same time…

websites, and the browsers you use to surf the web have implemented systems to make sure hackers are not sending remote information to your website. It is called the same origin policy and it prevents remote hosts from accessing website properties on your website. But what if you want trusted remote sites to access your properties and manipulate your website. there are really no easy to allow this.

In what some would consider a hack, we do manipulate remote website properties with our widgets. We will never create a malicious widget. We only make widgets that extend websites, provide benefits and features, and make the website better and more productive. When a company decides to take their data and make it available to millions of websites, they should be able to do so in a trusted and non-contained way.

Here is a good ZDnet post about XSS (cross site scripting attacks) using applets

Summary

  • many widgets are simple little containers that only display information from a remote website
  • if you want to install a widget that manipulates your website properties MAKE SURE you get that widget from a trusted source.

Related Posts:
  • 3 key concepts for any widget strategy
  • A Widget is not a Widget without a solid API
  • Dirt Cheap online advertising with Spottt and adgridwork
  • OpenSocial and Real Estate. Is This Web 3.0?
  • The Ultimate Secret Weapon for Business Advertising
    		•
    Posted in:
    Concepts
    Why we do it, and what can happen. We focus on topics from a business perspective
    Widgets
    The new tools to extend your brand. Think away from your website or business and think about deploying your brand across millions of sites

    0 Responses to “Using Widgets on your site can be very dangerous”

    Feed for this Entry Trackback Address
    1. No Comments

    Leave a Reply



    Become part pf the beta that will change the way you get a loan

    Add to Technorati Favorites

    Featured Sections

    Social Networking
    Online Social Networking is a key foundation for any business with an online presence
    Web Strategies
    Many Web strategies from proven online business techniques to guerrilla tactics
    realespace
    Products, Services, and Consulting provided by the group at Realespace.com