Slashdot Mirror


Google Talks About the Dangers of User Content

An anonymous reader writes "Here's an interesting article on the Google security blog about the dangers faced by modern web applications when hosting any user-supplied data. The surprising conclusion is that it's apparently almost impossible to host images or text files safely unless you use a completely separate domain. Is it really that bad?"

2 of 172 comments

  1. Re:I don't know if the question should be... by TubeSteak · Score: 5, Insightful

    It's fundamentally a problem with not validating inputs. Without getting too technical...

    Problem 1: Browsers try real hard to be clever and interpret maltagged/malformed content instead of validating inputs.

    Problem 2: There are a lot of checks in most browsers against 'cross site scripting', which is fundamentally a problem of not validating inputs.

    /don't forget to validate your outputs either.

    --
    [Fuck Beta]
    o0t!
  2. Re:Yes, it really is that bad. by SuricouRaven · Score: 5, Insightful

    Of course it's a mess. The combination of HTTP and HTML was designed for simple, static documents displaying predominantly text, a little formatting and a few images. By this point we're using extensions to extensions to extensions. It's a miracle it works at all.
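
The first comment's point about validating input and output, sketched for an image upload endpoint. This is an added example, not code from the thread or from the Google article; the allowlist, the header choices and the function names are assumptions. Per the story summary, checks like these do not replace serving user content from a separate domain.

```python
# Added example: validate an upload on the way in, pin its type on the way out.
# Names, allowlist and header set are illustrative assumptions.

# Magic-byte prefixes for the image types this sketch accepts.
MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

# Markup tokens that a content-sniffing browser may treat as HTML.
HTML_MARKERS = (b"<html", b"<script", b"<body", b"<iframe", b"<!doctype")
SNIFF_WINDOW = 1024  # assumption: number of leading bytes to inspect


def classify_upload(data: bytes, claimed_type: str) -> str:
    """Return the verified MIME type, or raise ValueError."""
    mime = claimed_type.lower().strip()
    prefixes = MAGIC.get(mime)
    if prefixes is None:
        raise ValueError("type not on allowlist")
    if not data.startswith(prefixes):
        raise ValueError("content does not match claimed type")
    # Conservative: a real image can trip this by chance; reject anyway.
    head = data[:SNIFF_WINDOW].lower()
    if any(marker in head for marker in HTML_MARKERS):
        raise ValueError("markup found in leading bytes")
    return mime


def response_headers(verified_type: str, filename: str) -> dict:
    """Headers that tell the browser not to reinterpret the body."""
    # Keep only characters that cannot break out of the quoted filename.
    safe = "".join(c for c in filename if c.isalnum() or c in "._-") or "file"
    return {
        "Content-Type": verified_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'inline; filename="{safe}"',
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
```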