LOGIN | REGISTER NOW | SUBSCRIBE
 
Print

OpenAjax Hub better secures mashups


By Jeff Feinman


 Jeff Feinman
Email
August 31, 2009 —  (Page 1 of 2)
The OpenAjax Alliance, an industry consortium focused on adoption of AJAX-based Web technologies, has implemented new security features into its defined set of JavaScript functionalities.

OpenAjax Hub 2.0, released today, brings a JavaScript library for Secure Enterprise Mashups that organization executives said can better protect widgets and mashups from hackers. The library isolates third-party widgets into secure sandboxes and manages messaging among the widgets with a security manager.

For example, if a website includes a third-party calendar widget, the widget itself might become malicious if its code has vulnerabilities. Hub 2.0 can prevent attacks by isolating non-trusted widgets from an application and by preventing access to user credentials.

“We looked at how to take enterprise data and create a mashup from it with data that could be coming from different domains outside of my secure area,” said David Boloker, OpenAjax Alliance steering committee chairman and CTO of emerging Internet technologies for IBM.

“That’s why we implemented sandboxing, where my widget can’t talk to any other widget unless I enable it. I might be able to get, for example, the data of all the accounts on my page, but no other widget, malicious or not, can get that same data unless I decide to enable them.”

Hub 2.0 also introduces a feature called Managed Hub, which allows the creation of both developer-built mashups and end-user-built mashups. Hub 1.0 only allowed for mashups built by developers. The Managed Hub ensures security by preventing sandboxed components from accessing the JavaScript of the host application or other components.

Hub 2.0 is available as both a specification and an open-source implementation. The Hub 2.0 specification was recently approved by OpenAjax Alliance members as an AJAX industry standard. The specification defines standardized JavaScript APIs for secure mashups to foster interoperability among mashups and mashup components. The open-source implementation is written in JavaScript and is compatible with all desktop browsers, according to Boloker.

Other members of the OpenAjax Alliance include JackBe, Microsoft, RadWeb Technologies, Software AG and TIBCO.


Related Search Term(s): Java, OpenAjax

Pages 1 2 


Share this link: http://sdt.bz/33723
 
Most Read  Latest News  Resources
SAP unveils SAP HANA platform innovations for Big Data and spatial processing
Features include smart data access and expanded cloud deployment options
Alteryx raises $12 million to put Big Data analytics in the hands of all business analysts
Quest founder's firm, Toba Capital, selects Alteryx as its first analytics investment
Google I/O kicks off
Developers get new APIs and tools, and the Go language hits version 1.1
Jelastic launches new version of its Java and PHP hosting platform
Jelastic today announced the launch of a new version of its ultra-scalable cloud hosting platform
Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter

Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter


close
NEXT ARTICLE
Zeichick’s Take: Java, Java everywhere
The results are in from SD Times' Java & SOA Study, and it shows that out-of-date systems are still being widely used Read More...
 
 
 




News on Monday  more>>
Android Developer News  more>>
SharePoint Tech Report  more>>
Big Data TechReport  more>>

   
 
 

 


Download Current Issue
MAY 2013 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?