So the choices (security-wise) are:

Everything in the same url: a non-trusted gadget can take full control of
the user's session, accessing the server and all the other gadgets in the
page.

The site in a different url than ifr: a non-trusted gadget can take full
control of the other gadgets in the page, interacting with them as the
logged in user. The site is secured.

The site and each gadget in its own url: full isolation between gadgets and
the site.

Use caja: same security level as each gadget in its own url.

As a side note, the gadgets url should not be a subdomain of the site url.

Is this correct? What about rpc_relay.html?

2010/8/17 ๏̯͡๏ Jasvir Nagra <jas...@google.com>

> On Tue, Aug 17, 2010 at 10:32 AM, Pablo Graña <pablo.gr...@globant.com> wrote:
>
> > I partially understand the same origin policy, but not all of its
> > consequences. If all gadgets are rendered from the same ifr 'service', they
> > share the same origin. Does that mean that every gadget can walk the dom of
> > every other gadget in the same page? At least, they could share the cookies,
> > but I don't know how relevant is that, given that makeRequest drops the
> > cookies (does it?).
> >
>
> Yes, two iframes that have the same origin can read and modify each other's
> DOM, including reading password fields for example.
>
>
> > The other thing is the rpc_relay.html. I know it is sometimes used for
> > cross site communication between iframes, but I still don't know about the
> > consequences. The documentation states that rpc_relay.html must not be in
> > the same domain as (I don't remember - was it shindig - the site?)
> >
> > Creating one domain per gadget, while possible, forces the host to also
> > control a dns sub-tree. Is this something done somewhere? How does caja fit
> > into this picture?
> >
>
> For code in the caja subset of javascript/html, the cajoled gadget can
> safely be on the same origin as the container.  The security policy does not
> rely on origin but rather the choice and implementation of APIs that the
> container exposes to the gadget.
>
>
> > I again apologize for my ignorance, any pointer or documentation, will be
> > greatly appreciated.
> >
> > thanks a lot
> >
> > On Tue, Aug 17, 2010 at 9:46 AM, Christiaan Hees <christi...@q42.nl> wrote:
> >
> > > You probably even want each gadget iframe to be rendered on a different
> > > sub domain or else they'll be able to influence each other through the dom.
> > > Anyway, I ended up doing the metadata call on the serverside and passing
> > > only the result to the client js which seems to work fine.
> > >
> > > On Tue, Aug 17, 2010 at 1:17 PM, Bastian Hofmann
> > > <bashofm...@googlemail.com> wrote:
> > >
> > > > If shindig and your container are on the same domain all gadgets have
> > > > full access to your container javascript, can manipulate the dom of
> > > > your page and access your user's cookies.
> > > >
> > > > See http://en.wikipedia.org/wiki/Same_origin_policy
> > > >
> > > > 2010/8/17 Pablo Graña <pablo.gr...@globant.com>:
> > > > > > I apologize for my ignorance, but I can't figure out why is it a
> > > > > > security risk.
> > > > > >
> > > > > > On Tue, Aug 17, 2010 at 7:16 AM, Tim Wintle
> > > > > > <tim.win...@teamrubber.com> wrote:
> > > > > >
> > > > > >> On Wed, 2010-08-11 at 13:01 -0400, Gregg Horan wrote:
> > > > > >> > I've been successful using apache in front and doing rewrites on
> > > > > >> > /gadgets, /social, etc.
> > > > > >>
> > > > > >> I may be misunderstanding, but you don't really want to be hosting
> > > > > >> your site on the same (domain, port) as shindig for security reasons.
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > > --
> > > > > > Pablo Graña
> > > > > Chief Architect
> > > > > Globant
> > > > > Arg Office: +54 (11) 4109 1743
> > > > > UK  Office: +44 (20) 7043 8269 int 8043
> > > > > US  Office: +1 (212) 400 7686 int 8043
> > > > >
> > > >
> > >
> >
> >
> >
> > --
> > Pablo Graña
> > Chief Architect
> > Globant
> > Arg Office: +54 (11) 4109 1743
> > UK  Office: +44 (20) 7043 8269 int 8043
> > US  Office: +1 (212) 400 7686 int 8043
> >
>



-- 
Pablo Graña
Chief Architect
Globant
Arg Office: +54 (11) 4109 1743
UK  Office: +44 (20) 7043 8269 int 8043
US  Office: +1 (212) 400 7686 int 8043
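
The choices listed at the top of this message, as an added example that is not part of the original thread: a small check that takes the container URL and the gadget iframe URLs, compares origins (scheme, host, port), and reports which of those cases a layout falls into, flagging a gadget host under the site host per the side note. All hostnames and the function names (auditLayout, classify, isSubdomainOf) are constructed for illustration.

```javascript
// Added illustration, not code from the thread. Hostnames are constructed.
// An origin is the (scheme, host, port) tuple the same-origin policy compares.
const origin = (u) => new URL(u).origin;

// True when child's host sits below parent's host (gadgets.site.example under site.example).
function isSubdomainOf(childUrl, parentUrl) {
  const child = new URL(childUrl).hostname;
  const parent = new URL(parentUrl).hostname;
  return child !== parent && child.endsWith("." + parent);
}

// siteUrl: the container page. gadgetUrls: the src of each gadget iframe.
function auditLayout(siteUrl, gadgetUrls) {
  const site = origin(siteUrl);
  const firstAt = new Map(); // gadget origin -> first gadget rendered there
  const findings = [];
  for (const g of gadgetUrls) {
    const go = origin(g);
    if (go === site) {
      findings.push({ gadget: g, issue: "same-origin-as-site" });
    } else if (isSubdomainOf(g, siteUrl)) {
      findings.push({ gadget: g, issue: "subdomain-of-site" });
    }
    if (firstAt.has(go)) {
      findings.push({ gadget: g, issue: "same-origin-as-gadget", other: firstAt.get(go) });
    } else {
      firstAt.set(go, g);
    }
  }
  return findings;
}

// Map the findings onto the choices listed in the message above.
function classify(siteUrl, gadgetUrls) {
  const issues = auditLayout(siteUrl, gadgetUrls).map((f) => f.issue);
  if (issues.includes("same-origin-as-site")) return "gadgets can reach site and each other";
  if (issues.includes("same-origin-as-gadget")) return "site separated, gadgets can reach each other";
  if (issues.includes("subdomain-of-site")) return "separate origins, but gadget host is under site host";
  return "site and every gadget on its own origin";
}

console.log(classify("http://site.example/", [
  "http://shindig.example/gadgets/ifr?url=a.xml",
  "http://shindig.example/gadgets/ifr?url=b.xml",
]));
```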
