advertisement
advertisement

COWL For A Safer Web

COWL For A Safer Web
[Photo: Flickr user Thomas Cloer]

When you visit a website on the modern web, you’re not really just visiting one website. If you dive into the source code, you’ll see that a page more likely than not pulls libraries and scripts from all across the Internet. These chunks of code provide advanced features that users have come to expect from interactive websites.

But third-party code also poses a security risk. By integrating such code into their sites, web developers may unintentionally expose their site visitors to bugs or malicious backdoors. With the way the web works now, a script integrated into a website could compromise user privacy and access sensitive data on that site or even in other browser tabs. Web developers are caught between the competing aims of creating a website that supports strong privacy versus providing the flexibility and features that users desire.

Now researchers from University College London and Stanford have unveiled what they are calling a solution to this dilemma.

The system is called COWL–“Confinement With Origin Web Labels”–and is purported to safely allow building web applications with third-party code but without leaking sensitive data.

Brad Karp, co-author of the COWL specification, explains how it works: “If a JavaScript program embedded within one web site reads information provided by another web site–legitimately or otherwise–COWL permits the data to be shared, but thereafter restricts the application receiving the information from communicating it to unauthorized parties. As a result, the site that shares data maintains control over it, even after sharing the information within the browser.”

COWL is available for web developers to freely download starting today.JC