Two pages on the same site allow script calls between the pages - it's essentially XSS but on the same site. Putting separate gadgets on separate domains (or subdomains) also protects the gadgets from each other as well as the container page. Two gadgets on iGoogle might be rendered at the following URLs:

http://a.gmodules.com/ig/ifr?url=http://www.myserver.com/gadget.xml
http://b.gmodules.com/ig/ifr?url=http://www.myserver.com/gadget.xml

In this case javascript from gadget 'a' is prevented from doing XSS attacks against gadget 'b'. There are other issues but I'd rather not talk about it on a public list. To be more secure, the subdomain should be restricted to a function of the gadget URL, so that www.myserver.com/gadget.xml can only be rendered at xjtosn.gmodules.com, for example, and is rejected when attempting to render it on any other domain.

On Jan 30, 2008 2:15 PM, Reinoud Elhorst <[EMAIL PROTECTED]> wrote:
> Kevin, I was wondering if you (or anyone else) could comment on the
> following. It was posted in the Hello World thread, but I guess that
> thread went the other way.
>
>
> On 1/30/08, Kevin Brown <[EMAIL PROTECTED]> wrote:
> >
> > Real production sites should always render the iframe on a different
> > domain from the parent site. This is critical for security. Without it,
> > none of the other security solutions matter.
>
>
> I was wondering about that. Obviously a separate domain is needed to (and
> will) protect the parent container page from the gadget, does this also
> protect gadgets from each other (in case multiple gadgets are put on one
> page)?
>
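The per-gadget subdomain scheme sketched in the message (one render host derived from the gadget URL, every other host rejected), as an added example that is not part of this email and is not iGoogle's or Shindig's code. It assumes the gmodules.com container domain from the message, a server-side secret that is constructed here, and an HMAC-SHA256-derived label, so the label it produces for www.myserver.com/gadget.xml is not the "xjtosn" quoted above; the names canonical_gadget_url, render_host and render_allowed are the example's own.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit, urlunsplit

# Assumptions (constructed for this example, not iGoogle's or Shindig's real values):
# the container's rendering domain and a server-side secret used to derive labels.
CONTAINER_DOMAIN = "gmodules.com"
SECRET_KEY = b"example-only-secret-replace-with-a-real-random-key"


def canonical_gadget_url(gadget_url: str) -> str:
    """Normalise a gadget spec URL so trivial variants map to the same subdomain.

    Scheme and host are case-insensitive and the fragment never reaches the
    server, so both are normalised away. Path and query are kept as-is, since
    a different path is a different gadget.
    """
    parts = urlsplit(gadget_url.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {gadget_url!r}")
    host = parts.hostname.lower()
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme.lower(), host, parts.path or "/", parts.query, ""))


def render_host(gadget_url: str, secret: bytes = SECRET_KEY,
                domain: str = CONTAINER_DOMAIN) -> str:
    """Return the single host on which this gadget may be rendered.

    The label is a keyed hash (HMAC-SHA256) of the canonical gadget URL: stable
    for one URL, different for every other URL, and not computable without the
    secret. 10 digest bytes become 16 base32 characters, which lower-cased is a
    valid DNS label (letters and digits only, no padding).
    """
    canon = canonical_gadget_url(gadget_url).encode("utf-8")
    digest = hmac.new(secret, canon, hashlib.sha256).digest()
    label = base64.b32encode(digest[:10]).decode("ascii").lower()
    return f"{label}.{domain}"


def render_allowed(request_host: str, gadget_url: str, secret: bytes = SECRET_KEY,
                   domain: str = CONTAINER_DOMAIN) -> bool:
    """Server-side check for a render request: the gadget is served only if the
    request arrived at the one host derived for it. Any other host is rejected,
    including other subdomains of the container domain and the bare domain."""
    try:
        expected = render_host(gadget_url, secret, domain)
    except ValueError:
        return False  # malformed or relative gadget URL: never render
    # Host headers are case-insensitive and may carry a port; normalise both.
    actual = request_host.strip().lower().split(":", 1)[0]
    return actual == expected


if __name__ == "__main__":
    spec = "http://www.myserver.com/gadget.xml"
    host = render_host(spec)
    print(f"{spec} may only be rendered at {host}")
    for candidate in (host, "a.gmodules.com", "b.gmodules.com", "gmodules.com"):
        verdict = "allowed" if render_allowed(candidate, spec) else "rejected"
        print(f"  {candidate:40} -> {verdict}")
```

The check must run on the server that serves the iframe, before the gadget is rendered; the browser's same-origin policy then keeps gadget 'a' and gadget 'b' apart because they can never share a host. Keying the hash is a design choice rather than a requirement for isolation: what the isolation needs is that distinct URLs map to distinct labels and that the mapping is enforced on every request. Practically, the container domain needs a wildcard DNS record (and, for https, a wildcard certificate) so that the derived labels resolve.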

