Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
mozilla.dev.platform
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
The Module-Tag as a solution to improve security while using widgets
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   3 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Bastian Meier  
View profile  
 More options Mar 17 2009, 1:22 pm
Newsgroups: mozilla.dev.platform
From: Bastian Meier <bastian.me...@uni-rostock.de>
Date: Tue, 17 Mar 2009 18:22:17 +0100
Local: Tues, Mar 17 2009 1:22 pm
Subject: The Module-Tag as a solution to improve security while using widgets
Print | Individual message | Show original | Report this message | Find messages by this author
Hello @ all

While writing my thesis about security in web2.0 i have implemented the
Module-Tag from Douglas Crockford. It enables a site to communicate with
embedded widgets while preventing the widget from manipulating the site.

In order to make some use of this Firefox-Extension, i published the
code at [addons.mozilla.org/de/firefox/addon/10090]. This extension
works with frames, because of the use of the Same-Origin-Policy to
separate site and widget from each other. An interface provides the
functionality to send messages from the site to the widget and backwards.
The goal is to discuss the Module-Tag and its usefulness to modern web
security especially while using widgets.

I would like to ask for opinions about the Module-Tag and my
implementation of it. I couldn't find any alternative extensions or
projects with the same security service,so i think this will be a very
useful one to everybody.

Basti


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Martin  
View profile  
 More options Apr 16 2009, 4:07 am
Newsgroups: mozilla.dev.platform
From: Martin <martin.ga...@informatik.uni-rostock.de>
Date: Thu, 16 Apr 2009 10:07:54 +0200
Local: Thurs, Apr 16 2009 4:07 am
Subject: Re: The Module-Tag as a solution to improve security while using widgets
Print | Individual message | Show original | Report this message | Find messages by this author

Bastian Meier wrote:
> Hello @ all

> While writing my thesis about security in web2.0 i have implemented the
> Module-Tag from Douglas Crockford. It enables a site to communicate with
> embedded widgets while preventing the widget from manipulating the site.

I'm wondering why there is no comment on this. Is this the wrong place
to discuss it or is the Module-Tag uninteresting to you or are there
more infos needed?
What do you think about the concept of the module tag?
(http://www.json.org/module.html)

Regards,
Martin


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Johnathan Nightingale  
View profile  
 More options Apr 16 2009, 9:55 am
Newsgroups: mozilla.dev.platform
From: Johnathan Nightingale <john...@mozilla.com>
Date: Thu, 16 Apr 2009 09:55:00 -0400
Subject: Re: The Module-Tag as a solution to improve security while using widgets
Print | Individual message | Show original | Report this message | Find messages by this author
Hello Martin,

This is interesting work to see, but you might find more direct  
interest in the mozilla.dev.security newsgroup, where technologies  
like Origin Headers, Content Security Policy, are discussed.  Your  
work would seem to fit nicely into that category, would you agree?

Cheers,

Johnathan

On 16-Apr-09, at 4:07 AM, Martin wrote:

---
Johnathan Nightingale
Human Shield
john...@mozilla.com

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google