Return of the Cross Domain AJAX

So I’ve found that the cross-domain AJAX meme just won’t die, with folks writing articles that seem to miss the issue of firewalled content, at least at first (in that article, a reader comment eventually brings it up, though the crux of the article is focused on far less important issues.)

Somehow, the point is not getting across that firewalled content must be protected by browser policies, not just for corporations, but for individuals, too. So I’ve come up with a couple of examples, just to put the final nails in this coffin.

If you had cross-domain AJAX without any careful consideration of security policies, then consider the following:

  • Google Desktop Search: It effectively intercepts Google queries from your browser and injects local hard drive information into the resulting HTML. With cross-domain AJAX, a malicious site could fake the Google query, thus searching your hard drive, get the results, and send them back to the originating malicious server, and you would never know.

    Is this a bug in Google Desktop Search? Only if you think it’s unfair to assume that queries coming from your machine are, indeed, queries you meant to send from your machine. The real design problem is with willy-nilly cross-domain AJAX, of course.

  • Shared iPhoto Libraries: with iPhoto on your Mac, you can easily share your photos so that any machine on the local network can browse your photos. This is particularly useful given the latest version of FrontRow, where you can use a Mac Mini as a media box connected to your TV to display photos from any local machine. For example, your spouse’s brand new MacBook with its collection of photos is easily accessed from any other local Mac. With cross-domain AJAX, a malicious web site could find these photos on your intranet, load them, and send them back to the malicious server.

Intranets are meant to be protected. Your web browser should not be easily hijacked and transformed into a firewall hole that proxies requests from external sites into your private network, whether that private networks is a corporate network, a family network, or even your local machine’s loopback network.