[ news_security_news ]
IBM Securing Mashups With SMash
David Utter
Staff Writer
2008-03-13
 Security News RSS Feed
IBM gives the OpenAjax Alliance a new toy to play with for securing mashup applications and safeguarding systems from malicious code.
Our first impression of IBM's SMash announcement of a mashup security product reminded us of chroot jail under BSD. Here's the IBM description of SMash, which they are donating to the OpenAjax Alliance:
Short for secure mashup, this technology allows information from different sources to talk to each other, but keeps them separate so malicious code cannot creep into enterprise systems.
As for chroot jail: "A chroot on Unix operating systems is an operation that changes the apparent disk root directory for the current running process and its children. A program that is re-rooted to another directory cannot access or name files outside that directory, called a chroot jail."
Something old is new again, perhaps. Security pros should appreciate seeing SMash implemented, especially as more users look to use web applications inside a business network. Being able to promote a SMash-protected service may become a selling point as adoption of the technology takes place.
Major Internet players like Google, Microsoft, Salesforce, and a host of smaller firms all want to convince the marketplace of the value of web-based applications. Security will be a difference maker to those in a position to adopt such in-the-cloud works for their enterprises.
UPDATE: Meh, IBM disagrees with the analogy. From a Big Blue spokesperson: "Chroot changes the root directory in a process and the processes children. SMash was designed to allow messaging (securely) between iFrames in an area called that security folks call domain isolation. SMash can not be thought of using the chroot paradigm."
View All Articles by David Utter
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
