Cross-site scripting and over-scoping of cookies will be a great concern here. Utilising the browsers' Same Origin Policies will be a valuable methodology in your defence of this. ref1: http://www.w3.org/Security/wiki/Same_Origin_Policy ref2: http://code.google.com/p/browsersec/wiki/Part2

- Ensure your sites are served from a different domain to the contributors' apps (e.g. coolgames.com vs mycoolgames.com). This will segregate the origin-scope of your code from theirs.
- Ensure that each different contributor has their apps/games served from a unique subdomain (e.g. bob.mycoolgames.com, dave.mycoolgames.com). This will help to segregate the origin of the different developers. Each will need to be careful to never scope cookies to .mycoolgames.com or they will overexpose themselves.

You may also wish to further protect your own app by utilising the new Content Security Policy support in modern browsers (https://developer.mozilla.org/en/Introducing_Content_Security_Policy). This will additionally help to mitigate against clickjacking attacks (https://developer.mozilla.org/en/Introducing_Content_Security_Policy#Mitigating_.22clickjacking.22, https://www.owasp.org/index.php/Clickjacking).

Regarding iframes:

Can you explain why you think you need to use an iframe at all? What's wrong with good old-fashioned links?

If the graphic design dictates that an iframe must be used, you can easily have all the embedded games iframed into a dynamic page at www.mycoolgames.com, where you will not keep any sensitive systems, data or code. Keep all user authentication systems, CMS systems and data only on the applications at *.coolgames.com.
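As an added example (not part of the answer above), the following JavaScript implements the RFC 6265 cookie domain-matching rule and a small over-scoping check, to show concretely which hosts receive a cookie scoped to .mycoolgames.com compared with a host-only cookie; the hostnames are the constructed ones from the answer, and `isOverScoped` is a hypothetical lint helper, not a browser API.

```javascript
// Added example: RFC 6265 cookie domain matching, showing why a Domain=.mycoolgames.com
// cookie set by one contributor reaches every other contributor's subdomain.

// RFC 6265 section 5.1.3: a request host domain-matches a cookie domain when the two are
// equal, or when the host ends with "." + domain (and the host is not an IPv4 literal).
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  if (host === domain) return true;
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return false; // IP literals never suffix-match
  return host.endsWith("." + domain);
}

// Minimal Set-Cookie parser: returns the cookie name and its Domain attribute (if any).
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const name = parts[0].split("=")[0];
  let domain = null;
  for (const attr of parts.slice(1)) {
    const [key, value] = attr.split("=");
    if (key.toLowerCase() === "domain" && value) domain = value.trim();
  }
  return { name, domain };
}

// Would a cookie set by `settingHost` be sent on a request to `requestHost`?
// No Domain attribute means a host-only cookie (RFC 6265 section 5.3 step 6); a Domain
// attribute that the setting host does not itself match makes the browser reject the cookie.
function cookieSentTo(setCookieHeader, settingHost, requestHost) {
  const { domain } = parseSetCookie(setCookieHeader);
  if (domain === null) return requestHost.toLowerCase() === settingHost.toLowerCase();
  if (!domainMatches(settingHost, domain)) return false;
  return domainMatches(requestHost, domain);
}

// Hypothetical lint helper: flag a Set-Cookie that scopes itself to the shared parent
// domain that all contributors' subdomains hang off (constructed: mycoolgames.com).
function isOverScoped(setCookieHeader, sharedParent) {
  const { domain } = parseSetCookie(setCookieHeader);
  if (domain === null) return false;
  const strip = (d) => d.toLowerCase().replace(/^\./, "");
  return strip(domain) === strip(sharedParent);
}

// Constructed walk-through: Bob's over-scoped cookie leaks to Dave's subdomain,
// while his host-only cookie does not, and neither crosses into coolgames.com.
const leaky = "session=abc; Domain=.mycoolgames.com; Path=/; Secure; HttpOnly";
const tight = "session=abc; Path=/; Secure; HttpOnly";
console.log(cookieSentTo(leaky, "bob.mycoolgames.com", "dave.mycoolgames.com")); // true
console.log(cookieSentTo(tight, "bob.mycoolgames.com", "dave.mycoolgames.com")); // false
console.log(isOverScoped(leaky, "mycoolgames.com")); // true
```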