
AJAX and security

Posted Sep 9, 2006 16:03 UTC (Sat) by dps (subscriber, #5725)
In reply to: AJAX and security by dlang
Parent article: AJAX and security

I do not think AJAX exposes internals more than traditional web apps, but it might well lead to a more featureful HTTP interface and therefore increase the range of things that can be attacked. The more you shift work onto the client, the bigger this effect becomes.

Even in a traditional web app, how do you know that your backend was really called by pressing a button on its front end? AFAIK this is too difficult and instead the focus is usually on making sure the backend does what it is supposed to do and nothing else. This might include not doing anything for those not duly authorised.

I know you can make HTTP requests within Java applets without reloading the page, pass the results back to JavaScript and use DOM methods to change the page based on the results. The "internal" pages involved could also be (ab)used from elsewhere and need to take account of that fact.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds