Mashups and Security

Do you really have to touch the stove to know that it is hot? It should be obvious that security is not at the top of the list for these web sites. In fact, this may be the first sentence where the words mashup and security appear together.

Lack of Trust

Let's deal with the lack of trust issue first. This used to be less of an issue, because the entities that held domain names on the Internet were usually known companies and organizations. Since the plague of spam, malware, phishing, domain squatting, and whatever else, you really cannot depend on the authenticity of a domain name. Just because something sounds legit doesn't mean it is.

I mean, what would you tell your mom if she asks you how to know if a web site is safe? You would probably tell her to, at the very least, look for the lock, right? Although this is a great first step, it is not nearly enough to know for sure with whom you are dealing.

The Department of Homeland Security on its site (http://www.us-cert.gov/cas/tips/ST04-013.html) advises the public at large to:

Check the web site's privacy policy: Before submitting your name, email address, or other personal information on a web site, look for the site's privacy policy. This policy should state how the information will be used and whether or not the information will be distributed to other organizations. Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists. ...
