Thursday, May 20, 2010

Blog: Protecting Websites From Shared Code

Protecting Websites From Shared Code
Technology Review (05/20/10) Naone, Erica

Code sharing between Web sites can be an Achilles' heel when third-party programs have security weaknesses, but the new ConScript browser extension could remove this vulnerability by giving developers and site owners an easier way to control what third-party code can do on their sites. ConScript adds a relatively small amount of code to the browser, which then analyzes the JavaScript commands the browser is processing. By injecting extra code, it can prevent JavaScript from attempting tasks that the user has configured it to block. ConScript knows what behavior to enforce from a set of policies selected by the site's owner. Microsoft researcher Ben Livshits says ConScript offers a technique for developers and browser makers to promote the ways that sites use JavaScript without endangering security. University of California, Berkeley researcher Leo Meyerovich says the extension's design should permit developers to use older code without having to modify it, even if it contains known security vulnerabilities.
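
The interception idea described above, as an added example (not code from the article or from the ConScript project): a userland JavaScript sketch in which the site owner's policies wrap sensitive functions, so unmodified legacy third-party code is checked on every call. ConScript itself enforces its policies inside the browser; `enforce`, `makePage`, the two policy functions, the widget and all host names here are hypothetical and constructed for illustration.

```javascript
// Added illustration: a userland approximation of policy-enforced interception.
// All names and hosts are hypothetical; ConScript enforces inside the browser.

// Wrap obj[name] so every call is checked against `policy` before the original runs.
function enforce(obj, name, policy, log) {
  const original = obj[name];
  obj[name] = function (...args) {
    const verdict = policy(...args);
    if (verdict !== true) {
      log.push({ api: name, args, reason: verdict });
      return undefined; // blocked: the original function is never invoked
    }
    return original.apply(this, args);
  };
}

// Constructed stand-in for a page's sensitive APIs (no real browser needed).
function makePage() {
  return {
    sent: [], html: [],
    sendRequest(url) { this.sent.push(url); return "ok"; },
    writeHtml(markup) { this.html.push(markup); return "ok"; },
  };
}

// Site owner's policies: return true to allow, or a reason string to block.
const ALLOWED_HOSTS = new Set(["api.example.com"]);
const onlyAllowedHosts = (url) =>
  ALLOWED_HOSTS.has(new URL(url).hostname) || "host not in allowlist";
const noScriptTags = (markup) =>
  !/<\s*script\b/i.test(markup) || "dynamic script insertion blocked";

// Constructed "legacy" third-party widget; it runs unmodified.
function legacyWidget(page) {
  page.writeHtml("<div>weather: sunny</div>");
  page.writeHtml("<script src='//cdn.example.net/x.js'></script>");
  page.sendRequest("https://api.example.com/weather");
  page.sendRequest("https://tracker.example.net/collect?c=1");
}

// Apply the owner's policies, run the widget, and return what got through.
function runDemo() {
  const page = makePage(), log = [];
  enforce(page, "sendRequest", onlyAllowedHosts, log);
  enforce(page, "writeHtml", noScriptTags, log);
  legacyWidget(page);
  return { page, log };
}
```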
