[unisog] WEB2.0 Security Issues

Bob Mahoney bobmah at MIT.EDU
Thu Jan 25 03:56:11 GMT 2007


One possible area of concern is in mashup security.  Whatever the  
data sources/service offerings are, crossing boundaries of control &  
security assumptions always offers possibilities for the Wrong Thing  
to happen...

What Valdis and Adam said is right on, but while we may have the same  
sorts of threats, it might not always be obvious how many web  
services came together to return a given page.  So the chance that  
server maintainers have made mistakes multiplies.

As campus developers start routinely using and offering data access  
and web app APIs, some awareness of potential problems is a good thing.

There were some security discussions at mashup camp last week (http:// 
mashupcamp.com) but they don't seem to be in the wiki as yet.

-Bob




More information about the unisog mailing list