Is there any Security problem in Ajax technology?

[dinis at ddplus.net (Dinis Cruz)]

I personally think that AJAX has the potential to create very insecure applications because it pushes the data 
validation and authorization layers back to the client (i.e. the browser)

"AJAX brings 'Back the Rich Client' and all its security problems"

Kentaro, on your AJAX application you must follow the rule-of-thumb of not trusting any data supplied by your own 
Client-Side-AJAX functions, and authorize every request.

In a nutshell: any data validation and authorization decisions/actions made at the Client-Side-AJAX functions are only 
there for usability, and have NO security value.

Hope this helps

Dinis Cruz
Owasp .Net Project
www.owasp.net

----------------------------------------
From: "Kentaro Arai" <kentaro.arai at avanade.com>
Sent: Monday, March 06, 2006 9:49 AM
To: "Secure Coding Mailing List" <SC-L at securecoding.org>
Subject: [SC-L] Is there any Security problem in Ajax technology? 

Hi, All

I'm designing a web application with Ajax technology and .NET
Framework1.1.
Do I need to consider any security problem, using the Ajax technology?

Kentaro Arai

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20060306/c1ad3282/attachment.html