Tagged: Security

HTML5 Tutorial – Messaging

HTML5_Logo_256Web browsers, for security and privacy reasons, prevent documents in different domains from affecting each other; that is, cross-site scripting is disallowed.

That means that communication between frames, tabs, and windows was restricted for security reasons. If browsers allowed you to access content loaded into other frames and tabs, site could steal information another site using scripting. So, attempting to retrieve or modify content loaded from another source raises a security exception and prevents the operation.

But there are cases where you want content from different sites to be able to communicate inside the browser, such as for mash-ups.

To meet this need, HTML5 allows Cross-Document Messaging and Channel Messaging.

In this post, you will learn:

  • How to send a message to an iFrame using Cross-Document Messaging.
  • Describe several security considerations in using Cross-Document Messaging.
  • How to send and receive a message using Channel Messaging.
  • Describe the function of ports when using Channel Messaging.

Continue reading

Windows Azure Goes PCI-Compliant

azurecloudWindows Azure has been validated for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) by an independent Qualified Security Assessor (QSA).

The PCI DSS is the global standard that any organization of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. By providing PCI DSS validated infrastructure and platform services, Windows Azure delivers a compliant platform for you to run your own secure and compliant applications. You can now achieve PCI DSS certification for those applications using Windows Azure.

Continue reading