[nycphp-talk] security & google ajax lib (was: Ajax UI...)
David Mintz
david at davidmintz.org
Wed Dec 10 14:51:08 EST 2008
On Wed, Dec 10, 2008 at 12:32 PM, csnyder <chsnyder at gmail.com> wrote:
> On Wed, Dec 10, 2008 at 11:25 AM, Daniel Convissor
> <danielc at analysisandsolutions.com> wrote:
> > Hi Greg:
> >
> > On Tue, Dec 09, 2008 at 05:46:24PM -0500, Greg Rundlett wrote:
> >>
> >> Using multiple libraries got you down?
> >> With the Google AJAX Libraries API, it
> >> makes it easy to use libraries without actually installing and
> >> maintaining the
> >> library infrastructure locally
> >
> > Interesting. I'm wondering what the security implications of this are.
> >
> > Also there's the issue of giving Google even more data about browsing
> > habits.
> >
> > Finally, there are folks like myself that use Firefox's No Script add on
> > that allows me to limit which domains can load JavaScript in my browser.
> > I tend to not allow sites other than the one I'm looking at to run JS.
> >
> > --Dan
>
> You pretty much nailed it, Dan. In exchange for convenience, you let
> Google own your users' browsing habits.
>
> I'm not so concerned about security -- I think it would be incredibly
> embarrassing to Google if one of those hosted javascripts got
> compromised -- but I do would worry about application breakage should
> Google update to a newer version of a library, or delete an old, buggy
> version.
>
Although if you want to, you can tell Google which version you want, which
should protect you from an unwanted upgrade.
--
David Mintz
http://davidmintz.org/
The subtle source is clear and bright
The tributary streams flow through the darkness
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081210/4e68622e/attachment.html>
More information about the talk
mailing list