Programming Social Applications by Jonathan LeBlanc

Drive-by Downloads

A drive-by download is a process by which a malicious site downloads content to the user’s computer without the user knowing that it is happening. This problem is not exclusive to iframe security, but because using an iframe to secure an application allows the application developer to run any frontend code she wishes, the potential for drive-by downloads is magnified.

Drive-by downloads may mimic the functionality of a pop-up window. When attempting to dismiss the pop-up, the user may inadvertently download spyware, malware, or viruses onto his system. These pop-up windows may appear as error reports, advertising, or any other deceptively common message. Since the user’s action initiates the attack, he is considered to have given consent to download the malicious package.

This is just one of the methods that a malicious developer may employ. Drive-by downloads take many forms and can be a prevalent problem when third-party code is allowed to run unchecked within an application container.
