When we start discussing applications that host and work with users’ personal information, the conversation will naturally lead to user security. How do we protect users’ personal data? Should the container hosting the applications be responsible for that information, or should the onus be on the application developers?

Besides the question of how to best protect end users, we must ask ourselves how strict we should be about content developed by third parties. How restrictive can we be before developers seriously consider not developing on the platform or site in question? How far can we go to protect end users before we begin to alienate our developers?

Finally, once we have a security model in place, how will it impact application performance? Will the overhead imposed by the security mechanism significantly slow down load times to the point where it causes timeouts or forces users to leave the platform?

These are the questions this chapter will address as we explore some of the available open source security technologies that allow us to host third-party code securely within a site or application container.