shindig-users mailing list archives

Subject Making public shindig secure?
Date Wed, 08 Jun 2011 10:58:50 GMT
Hello everyone,
I’m currently evaluating Shindig as an OpenSocial container for our project, which should be
a public site.
I checked the code and I have the following security concern:
In my opinion you could use at least the servlets GadgetRenderingServlet, ConcatProxyServlet
and JsServlet to request any resource from the internet via the shindig server. For example
by using:
to request the Google page.
This could be used for local IPs too, like 1=http%3A%2F%2Flocalhost%2Fsecret
What's the proposed way to make this secure?
I can think about the following ways:
1.) Use a filter for the servlets and restrict the access by programmatically checking
the parameters
2.) Use a firewall to restrict access for the webapp container
Thanks and best regards
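
Option 1 from the message above could take the form of the following servlet filter; this is an added example, not Shindig code and not part of the original post. The class name `OutboundUrlFilter`, the `"://"` heuristic for spotting URL-carrying parameters, and the Servlet 3.0+ `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// Added example (not Shindig code): blocks requests whose parameters point at internal hosts.
public class OutboundUrlFilter implements Filter {

  // True only for http(s) URLs whose host resolves exclusively to public addresses.
  static boolean isPublicHttpUrl(String value) {
    try {
      URI uri = new URI(value.trim());
      String scheme = uri.getScheme(), host = uri.getHost();
      if (host == null || !("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))) {
        return false;
      }
      for (InetAddress a : InetAddress.getAllByName(host)) {
        boolean uniqueLocalV6 = a instanceof Inet6Address && (a.getAddress()[0] & 0xfe) == 0xfc;
        if (a.isLoopbackAddress() || a.isAnyLocalAddress() || a.isLinkLocalAddress()
            || a.isSiteLocalAddress() || a.isMulticastAddress() || uniqueLocalV6) {
          return false;
        }
      }
      return true;
    } catch (Exception e) {
      return false; // unparsable or unresolvable: fail closed
    }
  }

  @Override public void init(FilterConfig config) {}
  @Override public void destroy() {}

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    // Parameter values arrive already URL-decoded, so %3A%2F%2F shows up as "://".
    // Heuristic (assumption): any value containing "://" is treated as a fetch target.
    for (String[] values : req.getParameterMap().values()) {
      for (String v : values) {
        if (v.contains("://") && !isPublicHttpUrl(v)) {
          ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
          return;
        }
      }
    }
    chain.doFilter(req, res);
  }
}
```

The filter resolves the hostname separately from the later fetch, so a DNS answer that changes in between, or a fetch that follows a redirect, is not covered by this check. Restricting outbound connections from the webapp container at the network level (option 2) closes that gap.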