Recently I wrote about why rich interactivity matters, but what are the concerns around it? Ajax has made new kinds of web applications possible by bringing interactivity usually seen only on the desktop to a web browser. Google Maps and countless other web applications have begun adding interactivity throughout the application.
It isn’t easy though. Many times interactivity is cobbled into existing applications with a mish-mash of code, creating a Frankenstein of multiple technologies and line after line of code. This approach is difficult to maintain and can expose the user, server and data to several security threats.
- Cross-site scripting (XSS) is a problem where code from another, potentially malicious, site is executed as if it were from a trusted site. This type of attack can result in identity theft and unauthorized access to data and subsystems.
- Injection vulnerabilities exist when an attacker can inject their own input into the web application and have it treated as commands, gaining access to a file system or data set.
These are very important concerns for a business to consider as it begins adding interactivity to its site. Managing these risks requires a significant investment in time and resources throughout the life of an application.
Are these risks, and the cost of managing them, just the price of adding interactivity? At Bungee we don’t believe it is.
Bungee Connect takes a strong stance on security through a unique approach to these issues:
- Cross-site scripting is eliminated by moving access to other domains and sites to the server, so that it never happens on the client. In this way all requests and responses are parsed by the server and then sent down to the client. If an issue is encountered, the malicious code is not executed or passed through to the client.
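
The server-side parsing step described above can be sketched as follows. This is an added example, not Bungee Connect's code: the function names, the field schema and the sample upstream responses are assumptions constructed for illustration.

```javascript
// Added illustration; not Bungee Connect code. The schema and the sample
// upstream responses below are constructed for this example.
const ALLOWED_FIELDS = { title: 'string', rating: 'number' }; // hypothetical schema

// Encode the characters that let a string break out of HTML text or attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Server-side relay step: treat the third-party body strictly as data.
// Returns { ok: true, data } or { ok: false, reason }; never forwards raw text.
function relayThirdPartyResponse(body) {
  let parsed;
  try {
    parsed = JSON.parse(body); // JSONP or script text fails here instead of running
  } catch (err) {
    return { ok: false, reason: 'not-json' };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, reason: 'unexpected-shape' };
  }
  const data = {};
  for (const [field, type] of Object.entries(ALLOWED_FIELDS)) {
    const value = parsed[field];
    if (typeof value !== type) {
      return { ok: false, reason: 'bad-field:' + field };
    }
    data[field] = type === 'string' ? escapeHtml(value) : value;
  }
  return { ok: true, data }; // unknown fields are dropped, not passed through
}

// Constructed sample upstream responses.
const SAMPLES = {
  clean: '{"title":"Coffee & Tea","rating":4}',
  markup: '{"title":"<img src=x onerror=alert(1)>","rating":5,"extra":"ignored"}',
  jsonp: 'callback({"title":"x","rating":1})',
};

for (const [name, body] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(relayThirdPartyResponse(body)));
}
```

Only the allow-listed, encoded fields reach the browser, so the client never has to load or evaluate content from the other domain directly.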