On Tuesday, the Apps for Office and SharePoint Blog published an in-depth how-to piece on methods for developers to build more secure apps. As an example, the blog post focuses on the Wikipedia app for Office.
“Apps for Office and SharePoint communicate with external resources and data. In the same domain, unauthorized users might take advantage of the same-origin policy by adding malicious code to the external resources or data, and then using the code to steal information from your file or inside your SharePoint site,” writes content publisher Tony Liu.
For example, when developers search key words in Wikipedia, it’s possible to bring back information from Wikipedia – information that might contain malicious code.
To address security concerns, developers can use a two-domain design. The domains communicate through a message-posting function, and actions are then taken by event listeners. Each domain has its own message-posting function and its own set of event listeners.
The two-domain design adds a layer to separate the code that communicates with Wikipedia from the code that accesses Office clients like Word or Excel. If developers don’t add that second domain layer, the inserted malicious code from Wikipedia could then potentially intermingle with the code that accesses Office files. The result could be malicious code accessing Word or Excel files and stealing information.
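A sketch of the event listener on the Office-facing side of such a two-domain design, added here as an illustration and not taken from the Wikipedia app or the Apps for Office and SharePoint Blog. The origin, the message shape and every function name are assumptions; the point is that content arriving from the Wikipedia-facing domain is checked and then handled strictly as data.

```javascript
// Added example: listener for the domain that is allowed to touch the Office file.
// SANDBOX_ORIGIN, the message shape and all function names are hypothetical.
const SANDBOX_ORIGIN = "https://sandbox.example.net"; // domain that talks to Wikipedia
const ALLOWED_TYPES = new Set(["insertText"]);        // the only action this side performs
const MAX_LEN = 2000;

function validateMessage(event) {
  // 1. Exact origin match; prefix or substring checks can be spoofed.
  if (event.origin !== SANDBOX_ORIGIN) return { ok: false, reason: "origin" };
  // 2. Payload must be a JSON string describing an object; it is parsed, never evaluated.
  if (typeof event.data !== "string") return { ok: false, reason: "format" };
  let msg;
  try {
    msg = JSON.parse(event.data);
  } catch {
    return { ok: false, reason: "format" };
  }
  if (msg === null || typeof msg !== "object") return { ok: false, reason: "format" };
  // 3. Allowlist of actions, so the other domain cannot request anything new.
  if (!ALLOWED_TYPES.has(msg.type)) return { ok: false, reason: "type" };
  // 4. The content must be a bounded string.
  if (typeof msg.text !== "string" || msg.text.length > MAX_LEN) {
    return { ok: false, reason: "payload" };
  }
  // Copy only the expected fields; extra properties are dropped.
  return { ok: true, action: { type: msg.type, text: msg.text } };
}

// writeText is supplied by the host page and must insert its argument as
// plain text, so markup in the Wikipedia content is never interpreted.
function makeListener(writeText) {
  return function onMessage(event) {
    const result = validateMessage(event);
    if (result.ok) writeText(result.action.text);
    return result;
  };
}

// In the browser: window.addEventListener("message", makeListener(insertAsText));
// Constructed sample events, standing in for what postMessage would deliver.
const written = [];
const listener = makeListener((text) => written.push(text));
const sample = (origin, data) => ({ origin, data });
console.log(listener(sample(SANDBOX_ORIGIN, '{"type":"insertText","text":"<b>Ada</b>"}')));
console.log(listener(sample("https://sandbox.example.net.evil.test", '{"type":"insertText","text":"x"}')));
console.log(listener(sample(SANDBOX_ORIGIN, '{"type":"runScript","text":"x"}')));
```
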
For the rest of this story, head on over to the Apps for Office and SharePoint Blog.
Jeff Meisner
Microsoft News Center Staff