ARN

Google Translate glitch opens security hole

Developers moving to the upcoming paid version of Google Translate need to follow the documentation so their implementation of the package doesn't lead them to paying for someone else's use of the platform.

In its current form, if it's running on the same server as the chat program it's translating for, Google Translate exposes to public view the customer identification code associated with a particular user.

MASSIVE: Hackers launch millions of Java exploits, says Microsoft 

Proxying the translator to another server hides the API that exposes the code and solves the problem, Google says in its documentation.

Developers at unified communications vendor IceWarp, which integrates Google Translate into its UC product, discovered the problem while working on its own implementation and put out a warning.

If the customer code is left exposed it can be copied and placed in another instance of Google Translate, meaning that the customer whose code was stolen will receive the bill for the customer who reuses it, says IceWarp.

At the moment the problem doesn't make any difference because Google doesn't charge for use of Google Translate, says Ladislav Goc , IceWarp's president.

But come January, Google says it will charge licensees based on how many characters it translates. Then, if the proxying option isn't used, customers run the risk of being hacked and billed for other licensees' use, Goc says

Google points to its documentation that says developers can restrict their API keys to a white list. "As a best practice for security, we recommend that developers proxy the API requests through their own server to keep their key private," a spokesman for Google says.

Goc says IceWarp's implementation will be done on an accompanying server, not the Web server hosting the chat page. That means the raw code is blocked from public view, he says.

Read more about wide area network in Network World's Wide Area Network section.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

More about: Google, LAN, Microsoft
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: application development, Google, Microsoft, programming, security, software
ARN Directory | Distributors relevant to this article
Aquion , ASI Solutions , Avnet Technology Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , ICT Distribution , Impact Systems Technology , Leader Computers , NewLease , Synnex Australia , Topstar Computer International , XiT Distribution , Xpress I.T.
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/aca-pacific/357_sap-business-objects-crystal-reports-2008-defy
ACA Pacific

Increase Your Profit Margins with Tandberg Data RDX Cartridges!

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.