digg

Join DiggAbout

Discover the best of the web!
Learn more about Digg by taking the tour.

The biggest mistake of Myspace

cerias.purdue.edu — Myspace's failure to use proper web app security techniques from the outset leave it open to future attacks, but it's unlikely that the social networking giant can afford to fix the problem.

Submitted:
1 year 297 days ago
Submitter:
funka7ron funka7ron
Share:
Bury It:
Bury
Hide Profanity Expand Full Tree Global Settings
  • +2 diggsBuryDigg
    again  by again on 07/20/2006
    This is a pretty good analysis of the problems that apply to MySpace but these problems clearly apply to many web sites and are only going to get worse over time as sites with these sorts of heterogeneous user-supplied content requirements continue to proliferate. This suggests to me that perhaps a broader solution might be appropriate, for example the ability of a web site to specify an active content policy to the browser. So, for example, MySpace should be able to say to the browser "No JavaScript code should be executed from this site or any embedded content referenced by it". Handling the two sides of the web security equation (server versus client/browser) successfully is going to have to mean realistic and appropriate apportioning of responsibility to both sides, for example server code should ensure that the server is not compromised and the browser should be primarily responsible for looking after the user's security. But as I said, the only way this is going to work long-term is if the server and browser can communicate and work together to a greater degree than currently happens.

© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.