04-06-2006, 08:43 AM
Article explores ways to minimize security problems when developing Ajax applications:
full article: http://www.darknet.org.uk/2006/04/ajax-i...re-enough/
related topic:
Web 2.0 Star Ajax Could Open Door to Security Problems: The Ajax Malware Threat
http://community.tuliptools.com/index.ph...268.0.html
Quote: AJAX: Is your application secure enough?...
The Question
Some web-enabled applications, such as for email, do have pretty destructive functionality that could possibly be abused. The question is will the average AJAX-enabled web-application be able to tell the difference between a real and a faked XmlHttpRequest?
Do you know if your recently developed AJAX-enabled or enhanced application is able to do this? And if so does it do this adequately?
Do you even check referrers or some trivial token such as the user-agent? Chances are you do not even know. Chances are that other people, by now, do....
full article: http://www.darknet.org.uk/2006/04/ajax-i...re-enough/
related topic:
Web 2.0 Star Ajax Could Open Door to Security Problems: The Ajax Malware Threat
http://community.tuliptools.com/index.ph...268.0.html