Building safe orkut apps
January 20th, 2009 | Published in Google Orkut
Late last month, we added an article describing the lifecycle stages of a typical orkut application. Among other things, this article includes an elaborate section which details the process of testing applications before submitting them to the directory. This section identifies several common mistakes and how to avoid them.
In particular, applications are often cited for not escaping user-submitted data, which typically results in XSS vulnerabilities. These vulnerabilities allow malicious users to effectively hijack your application, redirecting your users to phishing sites or worse. Be sure to read the section titled "Identifying and plugging security vulnerabilities" before submitting your apps. Addressing these security holes in your apps should prevent any unwanted attacks from malicious users. It should also avoid interruption of service of your app since apps with such vulnerabilities will be removed from the directory immediately.
As always, if you find any issues or just want to chat about the platform, the developer forum is always available. IRC office hours are scheduled every week as well, so stop on by!