Comment: Re:Where the heck did this hype come from? (Score 1) 82

by chefjoeardee (#17073112) Attached to: Experts Say Ajax Not Inherently Insecure
Gah. I hate to keep posting things repeatedly but my thinking is fragmented today :)

I don't think it's similar to a FORM at all; you can get the user to access other sites that they wouldn't normally access and get a parseable response from that site (as I mentioned above). I plan on testing this out some more with a friend of mine to see if I can grab their modem's information remotely.

If you're using AJAX in a legitimate fashion (e.g., requesting information from the original server) then yeah, it is as simple as a FORM request (maybe some session verification with PHP) but this manner I just outlined completely defeats that.
