Developers moving to the upcoming paid version of Google Translate need to follow the documentation so that their implementation of the package doesn't lead to them paying for someone else's use of the platform.
In its current form, if it's running on the same server as the chat program it's translating for, Google Translate exposes to public view the customer identification code associated with a particular user.
Proxying the translator to another server hides the API that exposes the code and solves the problem, Google says in its documentation.
Developers at unified communications vendor IceWarp, which integrates Google Translate into its UC product, discovered the problem while working on its own implementation and put out a warning.
If the customer code is left exposed it can be copied and placed in another instance of Google Translate, meaning that the customer whose code was stolen will receive the bill for the customer who reuses it, says IceWarp.
At the moment the problem doesn't make any difference because Google doesn't charge for use of Google Translate, says Ladislav Goc, IceWarp's president.
But come January, Google says it will charge licensees based on how many characters it translates. Then, if the proxying option isn't used, customers run the risk of being hacked and billed for other licensees' use, Goc says.
Google points to its documentation that says developers can restrict their API keys to a white list. "As a best practice for security, we recommend that developers proxy the API requests through their own server to keep their key private," a spokesman for Google says.
Goc says IceWarp's implementation will be done on an accompanying server, not the Web server hosting the chat page. That means the raw code is blocked from public view, he says.
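
The proxying arrangement described above, as an added example (not code from Google or IceWarp): the chat page calls a small server-side proxy, and only the proxy attaches the key. The upstream URL, the parameter names, the allowed origin and the character cap are all assumptions made for this sketch.

```python
import os
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import urlopen

# Assumed values, not from the article: endpoint, parameter names, limits.
UPSTREAM = "https://translate.example.invalid/v2"  # placeholder endpoint
API_KEY = os.environ.get("TRANSLATE_API_KEY", "constructed-demo-key")
ALLOWED_ORIGINS = {"https://chat.example.com"}  # pages allowed to use the proxy
MAX_CHARS = 500  # per-request cap, because billing is per character

class Rejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def build_upstream_url(query, origin):
    """Map a browser request to the upstream call; the key is added only here."""
    # Origin can be forged by non-browser clients; this only stops other sites' pages.
    if origin not in ALLOWED_ORIGINS:
        raise Rejected(403, "origin not allowed")
    params = parse_qs(query, keep_blank_values=True)
    if "key" in params:  # the browser never holds or supplies a key
        raise Rejected(400, "key must not be sent by clients")
    text = params.get("q", [""])[0]
    target = params.get("target", [""])[0]
    if not text or not target:
        raise Rejected(400, "q and target are required")
    if len(text) > MAX_CHARS:
        raise Rejected(413, "text too long")
    return UPSTREAM + "?" + urlencode({"q": text, "target": target, "key": API_KEY})

class Proxy(BaseHTTPRequestHandler):
    def do_GET(self):
        try:
            url = build_upstream_url(urlsplit(self.path).query, self.headers.get("Origin", ""))
            with urlopen(url, timeout=5) as resp:
                status, body = 200, resp.read()
        except Rejected as exc:
            status, body = exc.status, str(exc).encode()
        except OSError:  # never echo the upstream URL: it contains the key
            status, body = 502, b"upstream error"
        self.send_response(status)
        self.send_header("Content-Type", "application/octet-stream")
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```

The key lives only in the proxy's environment, so viewing the chat page's source or network traffic shows the proxy address and the text being translated, never the credential that gets billed.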