[nycphp-talk] security & google ajax lib (was: Ajax UI...)
tmpvar at gmail.com
Wed Dec 10 15:05:24 EST 2008
There could be problems with man in the middle attacks, but that's goes for
just about anything being served up remotely.
On Wed, Dec 10, 2008 at 2:51 PM, David Mintz <david at davidmintz.org> wrote:
> On Wed, Dec 10, 2008 at 12:32 PM, csnyder <chsnyder at gmail.com> wrote:
>> On Wed, Dec 10, 2008 at 11:25 AM, Daniel Convissor
>> <danielc at analysisandsolutions.com> wrote:
>> > Hi Greg:
>> > On Tue, Dec 09, 2008 at 05:46:24PM -0500, Greg Rundlett wrote:
>> >> Using multiple libraries got you down?
>> >> With the Google AJAX Libraries API, it
>> >> makes it easy to use libraries without actually installing and
>> >> maintaining the
>> >> library infrastructure locally
>> > Interesting. I'm wondering what the security implications of this are.
>> > Also there's the issue of giving Google even more data about browsing
>> > habits.
>> > Finally, there are folks like myself that use Firefox's No Script add on
>> > I tend to not allow sites other than the one I'm looking at to run JS.
>> > --Dan
>> You pretty much nailed it, Dan. In exchange for convenience, you let
>> Google own your users' browsing habits.
>> I'm not so concerned about security -- I think it would be incredibly
>> compromised -- but I do would worry about application breakage should
>> Google update to a newer version of a library, or delete an old, buggy
> Although if you want to, you can tell Google which version you want, which
> should protect you from an unwanted upgrade.
> David Mintz
> The subtle source is clear and bright
> The tributary streams flow through the darkness
> New York PHP User Group Community Talk Mailing List
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the talk