I was wondering what means can be employed to control this — and there are a few strategies that can be used here:
- Input Cleanup – Always clean up inputs when you are accepting anything from a foreign agent (user, website, api). This should include cleaning up script tags, cleaning up for SQL injection, etc.
- Secure Account Settings – Ensure that before changing account settings, users are at least made to put in their password once again, or it’s on a separate location (https) that prevents the same authentication tokens to be used. Yahoo/Google do that for all important account settings
- Sandbox External Code – If you do have to run any custom code that the user sends your way, run it in a sandbox. Rather than giving it access to all your data structures, create a new datstructure, populate it appropriately and let it spit out the results in some predefined format (say, XML). You can parse the results and display it again. Showing users’ code directly can be quite dangerous.
- Extra authentication for APIs – Give the API an extra authentication token, say an api key, that prevents the users to access your api’s without it. The challenge here would be distribution of this extra information. This can either be done by asking users to put in an extra api key when they give api access to somebody, or to make the software pass through a API validation step (a la OpenID, or Vista UAC) that only gives out the api key, after correctly informing the user.
Do you have any other tips?