Sandbox Your Cross Domain JSONP To Improve Mashup Security

JSONP is a very neat way to get JSON data from other domains. The concept was introduced by Bob Ippolito in 2005, and today it is widely available from API providers.

The big issue with JSONP is security. If you inject an unknown script into your page, you give the script author a potential way to read the entire page content, scripts, cookies and data.

So, if you think, like us, that the cool way to build web apps today is to build services and aggregate them with external APIs in mashups, you have a problem. How can we securely fetch these nice services available everywhere?


SaaS Startup Creation – BeeBole Technology Choices

An important part of creating a new SaaS offering is, of course, the technology choices.

You need to choose a language for your back-end and for the front-end, you need a database, you might want to develop everything on an existing platform, …

To some extent, you may even want your technological choices to mirror a certain corporate philosophy.

In the coming weeks, Mic and Hughes will share with you some technical posts about our findings, thoughts and decisions.

We don’t have the pretense of coming out with an absolute winner for each choice that we make. In fact, we think there is no such thing. Each technology has its pros and cons and even those might change depending on the context.