beachersaussie Posted May 6, 2012 Share Posted May 6, 2012 I am building a website that allows full-screen apps. Basically I have two thoughts: 1. iframes (like Facebook) 2. jquery.load The advantage of jquery.load is i can have a consistent navigation and get the app to append into it (will be a sliding out sidebar). Unlike the iframe, I would have to rely on the developer to implement a standard navigation etc. Would 2 be secure? Noting my whole site being powered by its own API (similar to twitter is). Or would it be best to try and develop some form of framework developers must adhere to and check all apps against it (similar to Apple) (and use iframes - like Facebook)? Or has someone got an even better idea. Hope that all makes some sense Quote Link to comment Share on other sites More sharing options...
ignace Posted May 6, 2012 Share Posted May 6, 2012 Since you have an API, developers already adhere to something. Why would jQuery.load be insecure? We are going to need more info. If they can't compromise you through your API, I would allow the developers as much freedom as possible. Allowing creativity is key to attracting parties. Quote Link to comment Share on other sites More sharing options...
beachersaussie Posted May 6, 2012 Author Share Posted May 6, 2012 @ignace, All the data handling is done via an API, so they could not hook into a PHP function to get a users data, it would have to go via the API, the only cookie stored is one to confirm they are logged in. So it would allow the most creativity, freedom and still allow security (given the above) if I user jQuery/AJAX loads rather than iframe? Although how would adding CSS sheets and jquery plugins go? Thanks Quote Link to comment Share on other sites More sharing options...
beachersaussie Posted May 6, 2012 Author Share Posted May 6, 2012 Not sure why this was shifted as it is a fairly broad topic, encompassing iframe, jquery, ajax and PHP - all options are still open. Anyways, look forward to more advice Quote Link to comment Share on other sites More sharing options...
beachersaussie Posted May 6, 2012 Author Share Posted May 6, 2012 Also @ignace, What if they redefined the cookie for active user (which fb & twitter use the same as i do) this would give acces to other peoples stuff? yes? Quote Link to comment Share on other sites More sharing options...
beachersaussie Posted May 6, 2012 Author Share Posted May 6, 2012 I dont feel this belongs here, so Im going away to think it over and come back soon. Ignace, feel free please to offer your advice again Quote Link to comment Share on other sites More sharing options...
xyph Posted May 6, 2012 Share Posted May 6, 2012 This was moved here as it's a discussion about HTTP, and not PHP. You are asking if whether using an IFRAME or AJAX is more secure. Your API being coded in PHP does not making this a PHP question. The answer, without knowing the details, is that they are equally secure. Both can be manipulated client-side, and both can send a request on behalf of the client. I don't know anything that would make one less secure than the other, they have generally similar behaviour. If you would like to discuss your API in particular, feel free to post in the PHP section Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.