The Infosys Labs research blog tracks trends in technology with a focus on applied research in Information and Communication Technology (ICT)

January 4, 2012

Frame Navigation Policies in web browsers-One reason to upgrade to modern browsers

Whether or not most of us are aware of it, frames are used on most of the websites we visit, for purposes such as widgets in mashups, containers for advertisements, or, at the least, loading arbitrary documents into web pages. The <iframe> element serves this purpose, while <frameset> and <frame>, which were initially used for navigation, are obsolete in HTML5.
 
Frames are used primarily to isolate untrusted content, such as the remote scripts of widgets and ads, from interacting with the rest of the DOM. Frames that load remote pages are subject to the Same Origin Policy. This means that if an iframe is loaded with a page from the same domain, DOM manipulation is allowed to and from its parent page, whereas if it is loaded with a page from a different domain, DOM manipulation is restricted and the frame provides an isolated environment. The code snippets below should make this clear.
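<!-- This is allowed -->
<iframe src="sameDomainPage.html"> </iframe>
<script>
  // Run once the frame has loaded; frames[0] is the frame's window object
  window.onload = function () { alert(frames[0].document.body); };  // works fine
</script>

<!-- This is **NOT** allowed -->
<iframe src="http://google.com"> </iframe>
<script>
  // Reading a cross-origin frame's document is blocked by the Same Origin Policy
  window.onload = function () { alert(frames[0].document.body); };  // throws error
</script>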
Most of us are happy with this secure isolation of content in frames. But if we look a little deeper into the frame navigation policies implemented in old browsers, the picture becomes scary. This post explains the various frame navigation policies implemented by browsers and why modern browsers are more secure.

Continue reading "Frame Navigation Policies in web browsers-One reason to upgrade to modern browsers" »

July 21, 2009

Distributed System Security Contd..

In my previous post, I tried connecting recent approaches to host security concerns using the technique of proof-carrying code, borrowing ideas from Aristotle.

Today I am going to talk briefly about a higher level in the distributed system logical model, namely services.

A key point to ponder in service-level security: while loose coupling is a key tenet of service-based distributed systems architecture, is the same required of security in distributed systems based on services?

Continue reading "Distributed System Security Contd.." »