Is Your AJAX App Secure?

Posted by CmdrTaco
from the something-to-think-about dept.
ShaolinTiger writes "An article looking in detail at some of the security problems with AJAX, how to find them and how to approach them or fix them. Security with AJAX is of course an important consideration as it's asynchronous and a malicious user could write data back to your database if implemented incorrectly."
  • Challenges of AJAX (Score:4, Interesting)

    by cyberjessy (444290) on Wednesday April 05, 2006 @10:24AM (#15066207) Homepage
    Security with AJAX is of course an important consideration as it's asynchronous and a malicious user could write data back to your database if implemented incorrectly.

    That statement is a little misleading, as security is not directly related to requests being asynchronous. I think what the poster meant is that being asynchronous, AJAX applications make lots of calls to the back end. In a non-AJAX app, typically you fetch the data during the page load. In an AJAX app, users request sections of the page to be refreshed, meaning a lot more finely grained methods to the backend are exposed.
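
    Added example (not from the thread or from any of the commenters) of the point above: one fine-grained "update a field" endpoint of the kind an AJAX page calls many times, written first as a handler that trusts the request body, then as one that repeats on every request the session, ownership and allowed-field checks a whole-page form submit would have done once. The session store, the profile table, the request shape and the user names are all made up for the demo.

```javascript
// Constructed sample data standing in for a session store and a database
// (all names and shapes here are assumptions for this example).
const SESSIONS = {
  "sess-alice": { userId: 1 },
  "sess-mallory": { userId: 2 },
};

function makeDb() {
  return {
    profiles: {
      1: { ownerId: 1, displayName: "Alice", email: "alice@example.org", role: "user" },
    },
  };
}

// Columns this endpoint may write, each with a length bound. "role" and
// "ownerId" are deliberately absent so the client cannot promote itself.
// A Map is used so names like "constructor" cannot match an inherited key.
const WRITABLE_FIELDS = new Map([
  ["displayName", 60],
  ["email", 120],
]);

// Insecure handler: trusts the request body outright. This is the
// "implemented incorrectly" case from the summary: whoever can craft the
// XMLHttpRequest can write any column of any row.
function insecureUpdate(req, db) {
  const row = db.profiles[req.body.profileId];
  if (!row) return { status: 404 };
  row[req.body.field] = req.body.value;
  return { status: 200, row };
}

// Hardened handler: the session, the caller's ownership of the row and the
// field allow-list are all re-checked on this fragment request, because the
// page-load check of a classic form app never runs for partial updates.
function secureUpdate(req, sessions, db) {
  const session = sessions[req.cookies && req.cookies.sessionId];
  if (!session) return { status: 401 };                       // not logged in

  const { profileId, field, value } = req.body || {};
  const row = db.profiles[profileId];
  // "Not yours" is reported like "not found" so the endpoint does not
  // confirm which ids exist.
  if (!row || row.ownerId !== session.userId) return { status: 404 };

  const maxLen = WRITABLE_FIELDS.get(field);
  if (maxLen === undefined) return { status: 400 };            // column not writable
  if (typeof value !== "string" || value.length > maxLen) return { status: 400 };

  row[field] = value;
  return { status: 200, row: { ...row } };
}

// Stand-alone demo: Mallory, logged in as user 2, tries to set Alice's
// "role" column through each handler. Returns what each one did.
function demo() {
  const req = {
    cookies: { sessionId: "sess-mallory" },
    body: { profileId: 1, field: "role", value: "admin" },
  };
  const dbInsecure = makeDb();
  const insecure = insecureUpdate(req, dbInsecure);
  const dbSecure = makeDb();
  const secure = secureUpdate(req, SESSIONS, dbSecure);
  return {
    insecureStatus: insecure.status,
    insecureRole: dbInsecure.profiles[1].role,
    secureStatus: secure.status,
    secureRole: dbSecure.profiles[1].role,
  };
}

console.log(demo());
```

    The checks in secureUpdate are nothing new; they are exactly what a server-rendered form handler has always needed. What changes with the AJAX style is the number of places they have to be repeated, which is why they belong in a shared wrapper around every backend method rather than in the page that happens to load first.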

  • "AJAX" alternative? (Score:3, Interesting)

    by greywire (78262) on Wednesday April 05, 2006 @11:49AM (#15067098) Homepage
    Can somebody please come up with a name other than AJAX? I find myself talking about the programming techniques covered by the moniker of "AJAX" (hereinafter referred to as "BLURG") and wanting to call it something other than "AJAX":

    BLURG is not necessarily asynchronous: you may be updating only a small part of the page, but doing it synchronously.

    BLURG does not require XML. In fact you could be returning HTML, Javascript, CSV, JSON, etc.

    BLURG does not even require the XmlHttpRequest feature and BLURG techniques have been in use far before the existence of this feature.

    Can we please come up with a better name for BLURG, one that covers the more general programming techniques involved? Something for us people to use that is NOT just the trendy new thing known as AJAX? Something that we can use that will let others like us know that we have been aware of these techniques even before the term AJAX was coined?

    For now I will call it BLURG...
  • by screaser (901255) on Wednesday April 05, 2006 @02:34PM (#15069073)
    I've read and believe that AJAX is being or has been de-acronym-ified...

    AJAX is just a proper noun now, referring more to the user interaction style used in the BLURG apps you mention, and doesn't need to use any specific technology.

    i.e. Don't shove the whole user interface down the pipe every time the user clicks... adapt the interface as work progresses... etc.

    The term is probably here to stay... so we might as well make it mean what we want it to.