beachersaussie Posted May 6, 2012 Share Posted May 6, 2012 I am building a website that allows full-screen apps. Basically I have two thoughts: 1. iframes (like Facebook) 2. jquery.load The advantage of jquery.load is i can have a consistent navigation and get the app to append into it (will be a sliding out sidebar). Unlike the iframe, I would have to rely on the developer to implement a standard navigation etc. Would 2 be secure? Noting my whole site being powered by its own API (similar to twitter is). Or would it be best to try and develop some form of framework developers must adhere to and check all apps against it (similar to Apple) (and use iframes - like Facebook)? Or has someone got an even better idea. Hope that all makes some sense Link to comment https://forums.phpfreaks.com/topic/262146-would-this-be-secure-or-reccomendable/ Share on other sites More sharing options...
ignace Posted May 6, 2012 Share Posted May 6, 2012 Since you have an API, developers already adhere to something. Why would jQuery.load be insecure? We are going to need more info. If they can't compromise you through your API, I would allow the developers as much freedom as possible. Allowing creativity is key to attracting parties. Link to comment https://forums.phpfreaks.com/topic/262146-would-this-be-secure-or-reccomendable/#findComment-1343436 Share on other sites More sharing options...
beachersaussie Posted May 6, 2012 Author Share Posted May 6, 2012 @ignace, All the data handling is done via an API, so they could not hook into a PHP function to get a users data, it would have to go via the API, the only cookie stored is one to confirm they are logged in. So it would allow the most creativity, freedom and still allow security (given the above) if I user jQuery/AJAX loads rather than iframe? Although how would adding CSS sheets and jquery plugins go? Thanks Link to comment https://forums.phpfreaks.com/topic/262146-would-this-be-secure-or-reccomendable/#findComment-1343437 Share on other sites More sharing options...
beachersaussie Posted May 6, 2012 Author Share Posted May 6, 2012 Not sure why this was shifted as it is a fairly broad topic, encompassing iframe, jquery, ajax and PHP - all options are still open. Anyways, look forward to more advice Link to comment https://forums.phpfreaks.com/topic/262146-would-this-be-secure-or-reccomendable/#findComment-1343440 Share on other sites More sharing options...
beachersaussie Posted May 6, 2012 Author Share Posted May 6, 2012 Also @ignace, What if they redefined the cookie for active user (which fb & twitter use the same as i do) this would give acces to other peoples stuff? yes? Link to comment https://forums.phpfreaks.com/topic/262146-would-this-be-secure-or-reccomendable/#findComment-1343442 Share on other sites More sharing options...
beachersaussie Posted May 6, 2012 Author Share Posted May 6, 2012 I dont feel this belongs here, so Im going away to think it over and come back soon. Ignace, feel free please to offer your advice again Link to comment https://forums.phpfreaks.com/topic/262146-would-this-be-secure-or-reccomendable/#findComment-1343447 Share on other sites More sharing options...
xyph Posted May 6, 2012 Share Posted May 6, 2012 This was moved here as it's a discussion about HTTP, and not PHP. You are asking if whether using an IFRAME or AJAX is more secure. Your API being coded in PHP does not making this a PHP question. The answer, without knowing the details, is that they are equally secure. Both can be manipulated client-side, and both can send a request on behalf of the client. I don't know anything that would make one less secure than the other, they have generally similar behaviour. If you would like to discuss your API in particular, feel free to post in the PHP section Link to comment https://forums.phpfreaks.com/topic/262146-would-this-be-secure-or-reccomendable/#findComment-1343452 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.