Google Translate glitch opens security hole

Developers moving to the upcoming paid version of Google Translate need to follow the documentation so their implementation of the package doesn't lead them to paying for someone else's use of the platform.

In its current form, if it's running on the same server as the chat program it's translating for, Google Translate exposes to public view the customer identification code associated with a particular user.

MASSIVE: Hackers launch millions of Java exploits, says Microsoft 

Proxying the translator to another server hides the API that exposes the code and solves the problem, Google says in its documentation.

Developers at unified communications vendor IceWarp, which integrates Google Translate into its UC product, discovered the problem while working on its own implementation and put out a warning.

If the customer code is left exposed it can be copied and placed in another instance of Google Translate, meaning that the customer whose code was stolen will receive the bill for the customer who reuses it, says IceWarp.

At the moment the problem doesn't make any difference because Google doesn't charge for use of Google Translate, says Ladislav Goc , IceWarp's president.

But come January, Google says it will charge licensees based on how many characters it translates. Then, if the proxying option isn't used, customers run the risk of being hacked and billed for other licensees' use, Goc says

Google points to its documentation that says developers can restrict their API keys to a white list. "As a best practice for security, we recommend that developers proxy the API requests through their own server to keep their key private," a spokesman for Google says.

Goc says IceWarp's implementation will be done on an accompanying server, not the Web server hosting the chat page. That means the raw code is blocked from public view, he says.

Read more about wide area network in Network World's Wide Area Network section.

More about: Google, LAN, Microsoft
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: application development, Google, Microsoft, programming, security, software
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/58/seamonkey/

Seamonkey

Seamonkey includes an Internet browser, email and newsgroup client with an included web feed reader, HTML editor, IRC chat and web development tools. SeaMonkey will ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia