NYCPHP Meetup

[nycphp-talk] security & google ajax lib (was: Ajax UI...)

Elijah Insua tmpvar at gmail.com
Wed Dec 10 15:05:24 EST 2008


There could be problems with man in the middle attacks, but that's goes for
just about anything being served up remotely.

On Wed, Dec 10, 2008 at 2:51 PM, David Mintz <david at davidmintz.org> wrote:

>
>
> On Wed, Dec 10, 2008 at 12:32 PM, csnyder <chsnyder at gmail.com> wrote:
>
>> On Wed, Dec 10, 2008 at 11:25 AM, Daniel Convissor
>> <danielc at analysisandsolutions.com> wrote:
>> > Hi Greg:
>> >
>> > On Tue, Dec 09, 2008 at 05:46:24PM -0500, Greg Rundlett wrote:
>> >>
>> >> Using multiple libraries got you down?
>> >> With the Google AJAX Libraries API, it
>> >> makes it easy to use libraries without actually installing and
>> >> maintaining the
>> >> library infrastructure locally
>> >
>> > Interesting.  I'm wondering what the security implications of this are.
>> >
>> > Also there's the issue of giving Google even more data about browsing
>> > habits.
>> >
>> > Finally, there are folks like myself that use Firefox's No Script add on
>> > that allows me to limit which domains can load JavaScript in my browser.
>> > I tend to not allow sites other than the one I'm looking at to run JS.
>> >
>> > --Dan
>>
>> You pretty much nailed it, Dan. In exchange for convenience, you let
>> Google own your users' browsing habits.
>>
>> I'm not so concerned about security -- I think it would be incredibly
>> embarrassing to Google if one of those hosted javascripts got
>> compromised -- but I do would worry about application breakage should
>> Google update to a newer version of a library, or delete an old, buggy
>> version.
>>
>
>
> Although if you want to, you can tell Google which version you want, which
> should protect you from an unwanted upgrade.
>
> --
> David Mintz
> http://davidmintz.org/
>
> The subtle source is clear and bright
> The tributary streams flow through the darkness
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081210/24546466/attachment.html>


More information about the talk mailing list