AJAX and security

Posted Sep 7, 2006 13:28 UTC (Thu) by erich (subscriber, #7127)
In reply to: AJAX and security by mrshiny
Parent article: AJAX and security

Hi,
Ajax doesn't really allow you to do new stuff - so why should it allow new exploits? It just makes them fancier.

Face it: Ajax makes code auditing and such things a lot harder. If you're using Java, you can run all kinds of code verification tools. Is there any such thing for Ajax? Do you have unit tests for your Ajax?


(Log in to post comments)

AJAX and security

Posted Sep 10, 2006 0:04 UTC (Sun) by mrshiny (subscriber, #4266)

There should be no reason why you can't write unit tests for AJAX applications. For one thing, the server-side component can be easily tested by calling it from a test harness such as httpunit. The JavaScript side may be trickier, but nothing stops you from writing a JavaScript test harness; in fact, there may be one.

Furthermore, as AJAX techniques become standardized, standard tools such as unit test libraries will become more widely available and used. Currently Ajax programming is very bare-bones; once there is a large body of AJAX code there will be corresponding tests.

AJAX and security

Posted Sep 10, 2006 8:37 UTC (Sun) by dion (subscriber, #2764)

Well, there are some very nice and easy units to test when using Ajax, namely all the URLs that the Ajax code will run.

I thought the point of the article was that with Ajax you have n+1 more URLs to audit and that in itself might mean that it's harder to ensure security.
