Secure Coding mailing list archives
Is there any Security problem in Ajax technology?
From: dinis at ddplus.net (Dinis Cruz)
Date: Mon, 6 Mar 2006 20:39:05 -0500
I personally think that AJAX has the potential to create very insecure applications because it pushes the data validation and authorization layers back to the client (i.e. the browser).

"AJAX brings 'Back the Rich Client' and all its security problems"

Kentaro, on your AJAX application you must follow the rule-of-thumb of not trusting any data supplied by your own Client-Side-AJAX functions, and authorize every request.

In a nutshell: any data validation and authorization decisions/actions made at the Client-Side-AJAX functions are only there for usability, and have NO security value.

Hope this helps

Dinis Cruz
Owasp .Net Project
www.owasp.net

----------------------------------------
From: "Kentaro Arai" <kentaro.arai at avanade.com>
Sent: Monday, March 06, 2006 9:49 AM
To: "Secure Coding Mailing List" <SC-L at securecoding.org>
Subject: [SC-L] Is there any Security problem in Ajax technology?

Hi, All

I'm designing a web application with Ajax technology and .NET Framework 1.1.
Do I need to consider any security problem, using the Ajax technology?

Kentaro Arai
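The rule stated in this message, as an added example that is not part of the original post or of any OWASP code: a server-side handler that repeats validation and authorizes every request, beside a client-side check that exists only for usability. The handler `handleUpdateQty`, the `ORDERS` and `SESSIONS` tables and all values are hypothetical and constructed for illustration; the original question concerned .NET Framework 1.1, where the same server-side checks apply.

```javascript
// Constructed sample state: orders owned by one user each, and live sessions.
const ORDERS = new Map([
  [101, { owner: "alice", qty: 2 }],
  [102, { owner: "bob", qty: 1 }],
]);
const SESSIONS = new Map([["s-alice", "alice"], ["s-bob", "bob"]]);

// Client-side check as the browser script would run it: usability only.
// The HTTP request can be sent without this function ever executing.
function clientSideCheck(form) {
  return Number.isInteger(form.qty) && form.qty >= 1 && form.qty <= 10;
}

// Server-side handler (hypothetical): validates and authorizes every request,
// assuming nothing about what the client-side script did or did not check.
function handleUpdateQty(sessionId, rawBody) {
  // Identity comes from the server-side session table, never from the body.
  const user = SESSIONS.get(sessionId);
  if (!user) return { status: 401, error: "not authenticated" };

  let req;
  try {
    req = JSON.parse(rawBody);
  } catch (e) {
    return { status: 400, error: "malformed body" };
  }
  if (req === null || typeof req !== "object") {
    return { status: 400, error: "malformed body" };
  }
  // Validation: strict types and ranges, enforced again on the server.
  if (!Number.isInteger(req.orderId)) return { status: 400, error: "bad orderId" };
  if (!Number.isInteger(req.qty) || req.qty < 1 || req.qty > 10) {
    return { status: 400, error: "bad qty" };
  }
  // Authorization: ownership is read from server state; any "owner" field
  // supplied in the request is ignored. Unknown ids get the same answer.
  const order = ORDERS.get(req.orderId);
  if (!order || order.owner !== user) {
    return { status: 403, error: "not authorized" };
  }
  order.qty = req.qty;
  return { status: 200, qty: order.qty };
}
```
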