WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH NEWS ON MONDAY SPTECHREPORT SPTECHWEB SPTECHCON IPHONE/IPAD DEVCON ANDROID DEVCON PRIVACY POLICY CONTACT US

HOME >> LATEST NEWS

OpenAjax Hub better secures mashups

By Jeff Feinman

August 31, 2009 — (Page 1 of 2)
The OpenAjax Alliance, an industry consortium focused on adoption of AJAX-based Web technologies, has implemented new security features into its defined set of JavaScript functionalities.

OpenAjax Hub 2.0, released today, brings a JavaScript library for Secure Enterprise Mashups that organization executives said can better protect widgets and mashups from hackers. The library isolates third-party widgets into secure sandboxes and manages messaging among the widgets with a security manager.

For example, if a website includes a third-party calendar widget, the widget itself might become malicious if its code has vulnerabilities. Hub 2.0 can prevent attacks by isolating non-trusted widgets from an application and by preventing access to user credentials.

“We looked at how to take enterprise data and create a mashup from it with data that could be coming from different domains outside of my secure area,” said David Boloker, OpenAjax Alliance steering committee chairman and CTO of emerging Internet technologies for IBM.

“That’s why we implemented sandboxing, where my widget can’t talk to any other widget unless I enable it. I might be able to get, for example, the data of all the accounts on my page, but no other widget, malicious or not, can get that same data unless I decide to enable them.”

Hub 2.0 also introduces a feature called Managed Hub, which allows the creation of both developer-built mashups and end-user-built mashups. Hub 1.0 only allowed for mashups built by developers. The Managed Hub ensures security by preventing sandboxed components from accessing the JavaScript of the host application or other components.

Hub 2.0 is available as both a specification and an open-source implementation. The Hub 2.0 specification was recently approved by OpenAjax Alliance members as an AJAX industry standard. The specification defines standardized JavaScript APIs for secure mashups to foster interoperability among mashups and mashup components. The open-source implementation is written in JavaScript and is compatible with all desktop browsers, according to Boloker.

Other members of the OpenAjax Alliance include JackBe, Microsoft, RadWeb Technologies, Software AG and TIBCO.

Related Search Term(s): Java, OpenAjax

Pages 1 2

Share this link: http://sdt.bz/33723

Most Read Latest News Blog Resources

Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans

Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists

From the Editors: Node.js is unruly, but that’s where the fun is
The time to get involved with Node.js is now; Hadoop is about to break its own barriers

Zeichick’s Take: Looking for the best of the best of the best
It's time once again for readers to send in nominees for the SD Times 100

Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans

Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists

Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles

Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions

Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.

RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!

GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.

Facebook claims hacker cred
Facebook's SEC S-1 filing form includes a short essay on the Hacker Way by Mark Zuckerberg himself.

The Hidden Costs of Software Licensing Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...

Case Study: You May Need a Development Mechanic As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...

Ensuring Software Quality at a Major International Bank One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...

Load Testing Adobe Flex Applications Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Look what 2011 washed in: The return of Java Oracle's stewardship has led to real progress for the venerable coding language

Lambdas are coming to Java Oracle details its plans for lambda implementation in Java, which will bring a functional layer to the language

Java is open, but is the process? While Java SE 7 has arrived, questions about governance, the JCP, and the future for Apache and Oracle still loom

Add comment

Name*
Email*
Country

Comment

Look what 2011 washed in: The return of Java
Oracle's stewardship has led to real progress for the venerable coding language Read More...

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
FEBRUARY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?

Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
02/07/2012 11:57 AM EST

RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
02/04/2012 01:57 PM EST

GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
02/03/2012 12:17 PM EST

Facebook claims hacker cred
Facebook's SEC S-1 filing form includes a short essay on the Hacker Way by Mark Zuckerberg himself.
02/02/2012 08:26 AM EST

Ryan Dahl steps down
Ryan Dahl, creator of Node.js, steps back from his position as gatekeeper for the project.
02/01/2012 04:58 PM EST

Bloomberg opens its API
Bloomberg's APIs could lead to a future standard for accessing market data.
02/01/2012 04:41 PM EST