tags:

views:

268

answers:

3
+1  Q: 

When trying to integrate one website with another what is the way to go? Iframe or pulling content?

hi,

My company has multiple vendors that all have their own websites. I am creating a website that acts as a dashboard where customers can access all of the vendor's sites. I wanted to know what is the best option for doing this?

Here's what I have so far:

Iframe

  • Can bring in the entire website
  • Seems secure enough (not sure if I'm missing any information on security issues for this)
  • Users can interact with the vendor's website through our site
  • Our website cannot fully interact with the vendor's website (Also may be missing info here)

Pulling in the content

  • Can bring in the entire website
  • Not very secure from what I hear (Some websites actually say that pulling another website in is a voilation of security and will alert the user of this or something similar...
  • Users can interact with their website through our site
  • Our website can fully interact with the vendor's website

Anyone have any other options...?

What are some of the downsides to bringing in a site with an iframe and is this really our only option for doing something like this?

Optimally, we would like to pull in their site to ours without using an iframe- What options do we have on this level? Is there anything better than an iframe?

Please add in as much information as you can about iframes, pulling content, security, and website interactions like this. Anything to add in is appreciated.

Thanks,
Matt

A: 

As far as "pulling content" is concerned I wouldn't advise it as it can break. All it takes is a simple HTML change on their end and your bot will break. Also, it's more work than you think to do this for one site, let alone the many that you speak of. However, there are 3rd party apps that can do this for you if you have the budget.

You could use an iframe/frames, however, many sites might try to bust out of them and it can ruin the user experience of the site within the frame.

My advice is to use the following HTML for each link in your dashboard.

<a href="http://www.VendorSite.com" target="_blank">Vendor Site Link</a>
Marc  2009-06-18 16:39:28
By way of background information ... Jeff Atwood has a recent article on frame-busting here: http://www.codinghorror.com/blog/archives/001277.html
Chris J  2009-07-22 09:23:30
A: 

If you can have the sites that you are embedding add some client-side script, then you could use easyXSS. It allows for easy transferring of data, and also calling javascript methods across the domain boundry.

Sean Kinsey  2009-07-05 22:00:08
A: 

I would recommend iFrames. Whilst not the most glamorous of elements, many payment service providers use iFrames for the Verified by Visa/Mastercard Secure Code integration.

Lazlow  2009-07-05 22:22:20

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security