Become a fan of Slashdot on Facebook


Forgot your password?

Comment: Re:Where the heck did this hype come from? (Score 1) 82

by chefjoeardee (#17073112) Attached to: Experts Say Ajax Not Inherently Insecure
Gah. I hate to keep posting things repeatedly but my thinking is fragmented today :)

I don't think it's similar to a FORM at all, you can get the user to access other sites that they wouldn't normally access and get a parseable response from that site (as I mentioned above). I plan on testing this out some more with a friend of mine to see if I can grab their modems information remotely.

If you're using AJAX in a legitimate fashion (eg, requesting information from the original server) then yeah, it is as simple as a FORM request (maybe some session verification with PHP) but this manner I just outlined completely defeats that.

Never buy what you do not want because it is cheap; it will be dear to you. -- Thomas Jefferson