The genius guys over at Microsoft Live Labs have released a solution for web developers to secure their web application content from hackers through isolation.
Today web gadgets, mashup components, advertisements, and other 3rd party content on websites either run with full trust alongside your content or are isolated inside of IFrames. As a result, many modern web applications are intrinsically insecure, often with unpredictable service quality. Live Labs Web Sandbox addresses this problem.
An increasing number of Web 2.0 applications incorporate 3rd party content. There are two common patterns: via direct script inclusion or embedded in an IFrame.
- Components that are included directly execute with full trust and can access private information elsewhere on the page and site. The site is subject to intentional or non-intentional bugs that could compromise personal information or degrade the web application’s quality of service.
- IFrames offer isolation but not complete security. Malicious code can try to install ActiveX controls, redirect users, interrogate your browser history, degrading the quality of service. IFrames also make it hard to provide an integrated experience and share data across components.
Web Sandbox from Live Labs enables developers to test their code by using the Sandbox provided here. In addition to this, they have a couple of sample codes in place for you to try and hack out.
Plus there will be more on the Web Sandbox at the upcoming PDC conference in LA. You can join in the team on Monday, October 27th at 11AM to learn more about Web Sandbox.
