On 2/4/08, Kevin Brown <[EMAIL PROTECTED]> wrote:
>
> Also has nothing to do with this necessarily (although you could require
> that the GadgetToken be able to return the locked domain, but I think this
> is overkill). I think the best implementation of locked domain for shindig
> is either an md5 or sha1 hash of the gadget url. Creating a collision is
> virtually impossible because it would require making said collision with a
> fixed prefix (limited to host names the attacker can control) and a finite
> length (~2k for the url parameter). It's a trivial implementation, and at
> the worst case produces exactly the same number of unique sub domains as any
> other implementation would (by definition; locked domain requires a unique
> domain for every possible gadget).
>
I think this is important for this discussion. This is because the gadget server should only proxy for gadgets that are locked to that domain. So when receiving a proxy request, the gadget server should be able to authenticate that the request came from a gadget on that domain. I do agree with you that some sort of hash of the gadget url will do just fine, as long as it's large enough
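
The check discussed in this thread, sketched as an added example (not code from either poster or from Shindig): a subdomain label is derived from a SHA-1 hash of the gadget URL, and a proxy request is accepted only when its Host header is the domain locked to that gadget. The suffix `gadgets.example.com`, the function names and the base32 encoding are assumptions made for illustration.

```python
import base64
import hashlib

# Assumed parent domain under which each gadget gets its own subdomain.
LOCKED_SUFFIX = ".gadgets.example.com"


def locked_label(gadget_url: str) -> str:
    """DNS label for a gadget: lowercase base32 of SHA-1(gadget URL).

    SHA-1 is one of the two hashes named in the thread. Its 20 bytes encode
    to 32 base32 characters with no padding, inside the 63-character limit
    for a DNS label. The hash covers the exact URL string, so callers must
    pass the same canonical form of the URL everywhere.
    """
    digest = hashlib.sha1(gadget_url.encode("utf-8")).digest()
    return base64.b32encode(digest).decode("ascii").lower()


def locked_host(gadget_url: str) -> str:
    """Full host name the gadget is locked to."""
    return locked_label(gadget_url) + LOCKED_SUFFIX


def host_matches_gadget(host_header: str, gadget_url: str) -> bool:
    """True only if the request arrived on the domain locked to gadget_url."""
    host = host_header.strip().lower()
    host = host.partition(":")[0]   # drop an optional :port
    host = host.rstrip(".")         # tolerate a fully qualified trailing dot
    return host == locked_host(gadget_url)


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the thread.
    gadget = "http://example.org/gadgets/todo.xml"
    other = "http://attacker.example.net/gadgets/todo.xml"
    print(locked_host(gadget))
    # Request on the gadget's own locked domain: proxy may proceed.
    print(host_matches_gadget(locked_host(gadget), gadget))
    # Request on another gadget's domain claiming this gadget: refuse.
    print(host_matches_gadget(locked_host(other), gadget))
```

How the server learns which gadget URL a proxy request claims (for example from the gadget token) is outside this sketch.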

