1. Field of the Invention
The present invention relates to Web applications, and particularly to a method and system for protecting cross-domain interaction of a web application on an unmodified browser.
2. Description of Related Art
Mashup is becoming an important technology in the field of web applications. The term “mashup” refers to a kind of web application in which data from more than one source is combined into a single integration tool, to create a novel and unique web service that has not yet been provided by any source. Compared with the service and data of a single source, mashup provides more value. An example of mashup is Google Maps. For an enterprise, mashup makes it possible to combine enterprise applications with external applications, and internal data with external data.
Mashup is an easy way to create applications, and it blurs the boundary between developers and users. With mashup, users can create their applications on demand. There are several different mashup types. Some websites expose their JavaScript APIs (Application Programming Interfaces), so that users may use them to develop powerful applications, e.g. the API of Google Maps. There is also a more flexible mashup approach, such as ScissorsHands, which can cut any HTML, JavaScript, and CSS (Cascading Style Sheets) segments from different web applications and integrate them into a new application. Besides these, there is also the mashup method used by Netvibes, Google, and Yahoo, which provides a platform and many components called widgets or gadgets. Users can put some or all of the components together on a platform, and develop new components under the platform's guidelines.
The implementation of mashup is based on techniques such as dynamic HTML, JavaScript, and Ajax. Those techniques provide much flexibility for developing more powerful applications and friendlier user interfaces. However, they also raise security problems. The two main security problems are Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).
XSS means that an attacker injects malicious JavaScript code into a web page, so that when a user browses the page, the embedded code is executed to achieve some specific goal of the attacker. Thus, the malicious code may steal cookies stored in the system, access restricted information, and rewrite a part of the page. These attacks may threaten users' privacy and other content providers' interests.
CSRF exploits a trusted website by counterfeiting a request from a trusted user. When a user logs on to a service, malicious code in the service can attack the server, because the server considers the connection to come from trusted client code. The common characteristics of CSRF are that it compromises websites that rely on a user's identity, exploits the website's trust in that identity, and tricks the user's browser into sending HTTP requests to a target site.
Unfortunately, there has not been a good solution for the above mashup security problems. In particular, the hybrid nature of mashup creates a conflict between the functionality and the security of a web application. Mashup may take code, data, and content from different hosts, thus breaking the basic web security model, which restricts a browser from accessing different hosts in one page.
The current browser security mechanisms offer only two options: full trust or no trust. That is, with respect to a domain, the scripts, code, and services in it are either fully trusted or not trusted at all. A security mechanism called the Same-Origin Policy (SOP), based on restrictions on browsers, has been proposed. SOP only allows a page to access other content from the same domain. The JavaScript object XMLHttpRequest is also under the control of SOP. Although there are some methods (Ajax proxies, dynamic script tags, and browser extensions and plugins) that can avoid SOP, these methods bring security problems along with the added functionality.
For the sake of security, as a default mashup model, Google encapsulates each gadget in an iFrame to ensure that malicious code in one gadget cannot attack other gadgets. That model, however, restricts the communication between gadgets. Moreover, iFrames restrict the length of transferred information. For mashup, this makes it inconvenient to merge different applications from various sources.
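The all-or-nothing trust described in the two paragraphs above can be seen in a simplified model of the same-origin check. This is an added example, not part of the original text: the component names and URLs are constructed, and the model assumes that an origin is scheme, host and port and that script-tag inclusion runs a component in the embedding page's origin.

```javascript
// Added illustration: simplified model of the browser's same-origin decision.
// All component names and URLs are constructed sample data.

// Origin = scheme + host + port (serialized by the URL API).
function originOf(url) {
  return new URL(url).origin;
}

// Assumption of this model: a component pulled in with a dynamic <script> tag
// executes in the embedding page's origin, while a component loaded in an
// iframe keeps the origin of its own URL.
function effectiveOrigin(component, pageUrl) {
  return component.embed === "script" ? originOf(pageUrl) : originOf(component.src);
}

// May the component read the embedding page's DOM and cookies?
function canAccessPage(component, pageUrl) {
  return effectiveOrigin(component, pageUrl) === originOf(pageUrl);
}

// May two components on the same page touch each other directly?
function canInteract(a, b, pageUrl) {
  return effectiveOrigin(a, pageUrl) === effectiveOrigin(b, pageUrl);
}

const PAGE = "https://portal.example/home";
const components = [
  { name: "maps",    src: "https://maps.example/api.js",    embed: "script" },
  { name: "weather", src: "https://weather.example/w.html", embed: "iframe" },
  { name: "news",    src: "https://news.example/n.html",    embed: "iframe" },
  { name: "local",   src: "https://portal.example/l.html",  embed: "iframe" },
];

// Each component ends up with either full access to the page or none at all;
// the model has no way to express "may read the map state but not the cookies".
function trustReport(pageUrl, comps) {
  return comps.map((c) => ({
    name: c.name,
    pageAccess: canAccessPage(c, pageUrl) ? "full" : "none",
  }));
}

console.log(trustReport(PAGE, components));
```

The script-included third-party component gets the same access as the portal's own code, while the two framed gadgets can reach neither the page nor each other.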
Using browser extensions and plugins, another way to enhance the security of mashup applications, depends to a great extent on operations at the client side. A client user may not install the browser extensions and plugins correctly, or may damage their functionality after installation. Thus, this is not a reliable solution.
It can be seen from the above that, in the prior art, there is still no solution that offers both powerful functions and sufficient security for cross-domain interaction of web applications. Current security models lead to a situation where security is often sacrificed if versatile and scalable functionality is needed. If SOP is avoided and access from a third-party component is allowed, then that component will have access to everything in the current domain. Hence, there is a need in the art for a method and system that can protect cross-domain interaction of a web application on an unmodified browser, thus giving consideration to both functionality and security.