[pmwiki-users] Google map integration

Ben Wilson dausha at gmail.com
Thu Jan 24 16:34:51 CST 2008


On Jan 11, 2008 5:56 AM, kirpi at kirpi.it <kirpi at kirpi.it> wrote:
> > > I'm trying to follow this page
> > > http://pmwiki.confluence.free.fr/index.php5?n=Main.GoogleMap
> > > but as a resul I get the "whole" Google page inside my pmwiki install,
> > > with its logo, search field, and extras, instead of just the map.
>
> > Try this recipe instead:
> > http://www.pmwiki.org/wiki/Cookbook/GoogleMapAPI
>
> Hans, that's a *much* more complicated beast!
> At least it seems so.
>
> I was content with a simple cut and paste.

Be forewarned: allowing IFRAMEs in a promiscuous wiki page is a very
dangerous thing to do. IFRAMEs can be used to imbed software that
allows for many exciting exploits, to include stealing passwords. If
you allow IFRAME to inject a Google Map, you are asking to be
exploited. So, while GMA is a bit daunting, it is at least a safer
option.

"Approximately half of the[29,700 newly, daily infected] websites
contained code that the security company calls "Mal/Iframe". The
legitimate websites could initially have been compromised via
vulnerabilities in the server that allowed SQL injection, while some
had policies that allowed blog posts containing HTML, which allows
pages to be infected.

"Mal/Iframe opens a tiny window, often measuring one pixel by one
pixel, through which other malicious content which seeks to exploit
web browsers is dragged onto a legitimate site, according to Cluley.
"You have a tiny pinprick of a window dragging down malicious code..."

http://news.zdnet.co.uk/security/0,1000000189,39288208,00.htm

"Sophos, a world leader in IT security and control, has published new
research into the first six months of cybercrime in 2007...

"Mal/Iframe, which works by injecting malicious code onto web pages,
dominates this chart, accounting for almost half of the world's
infected URLs....

"Mal/Iframe is a textbook example of a spawning web threat that
targets and exploits vulnerable sites regardless of [] the content

http://www.sophos.com/pressoffice/news/articles/2007/07/securityrep.html

-- 
Ben Wilson
"Words are the only thing which will last forever" Churchill



More information about the pmwiki-users mailing list