Monday, September 10th, 2007
Kris Zyp has just released a beta version of CrossSafe, a tool that provides secure cross-domain JSON requests and partially implements the JSONRequest specification (the get and cancel methods).
There is also a demonstration in which you can pull information from Yahoo’s web services, Brad Neuberg’s transclusion web service, and a JSON object database at jspon.org, while staying secure in the midst of an attack from a malicious script. CrossSafe secures communication with a technique similar to the Subspace approach from a recent Ajaxian post; it uses existing standards and is much more efficient and robust than fragment identifier messaging.
Kris would also like to know if anyone can thwart the security in CrossSafe. It would be great if some good hackers could see if there are any holes, so we can really secure this software and have a quality tool for the community for building secure mashups. The test page has a text box for entering your own URLs, to make it easier to stage attack attempts.
Posted by Dion Almaer at 10:00 am