I was planning to blog about the new features in Yahoo Pipes but I never had enough free time to do so. Today I found out that the service was extended with two more modules one of which adds an interesting twist on how to create pipes. Behold the Web Service module.

Power Interupted

As explained by Pipes’ documentation, the Web Service module POSTs the items in a pipe in JSON format to an external web service. This allows developers to extend the Pipes functionality to do whatever they need. The original items are replaced by the web services JSON or RSS response. Affectively, this means that now we can perform POST requests and for as long as the result is delivered in JSON or RSS, we will be able to read it. Moreover, this feature will push developers to come up with all kinds of silly services which may be suited for malicious purposes.

For those who haven’t got time to play with Yahoo Pipes, here is an a feature that used to have almost no real value while developing pipes: the pipes search interface. Yahoo was clever enough to build a search interface where developers can find pipes others have created, and use them as part of their applications, thus enabling some sort of collaborative environment. The reason this feature was not interesting is mainly because most developers were just aggregating feeds… boring! However, now it is really worthed to see what other pipes are made of since we can stumble across Web Service modules which could prove to be quite useful.

I am sort of disappointed from the lack of attention from the security community around this particular service. Yahoo Pipes is an extremely powerful and can enable JavaScript to do things that where hardly imaginable a couple of year ago. I discussed most of these security aspects in my talk at this year OWASP in Italy and also come up with several POCs. Still, I guess this is not enough. With the next GC project, Renaissance, I hope that we can really waken them up.