WebApp Sec mailing list archives

Re: Ajax Security discussion for the OWASP Guide


From: noname () nospace com
Date: 23 Sep 2005 13:18:20 -0000

AJAX has the capability of subverting the presumed behavior of a web application, in the sense that even sophisticated users could not easily tell which client/server interactions are taking place and when. This may have security implications, for example if an application sends back to the server each keystroke as it is typed; this could potentially reveal sensitive information (wrong credentials, inadvertently typed by the user, etc.).

It is probably more a problem of policy and of informing the end user of what is going on (and actually not all would understand what that means... but that's another story).

Basically a new thing to consider is that AJAX may break the usual web application paradigm as we know it.
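The keystroke-leak scenario from the post, as an added illustration that is not part of the original message: a constructed stream of input events is fed to the per-keystroke pattern the post warns about and to a hardened handler that only fires for explicitly opted-in fields after typing pauses. Field names, timings and the `quietMs` policy are hypothetical.

```javascript
// Constructed sample: input events as a browser would deliver them
// (field id, field type, current value, timestamp in ms). The user types
// "owasp" into a search box, then mistakenly types part of a password into
// the username field before clearing it.
const SAMPLE_EVENTS = [
  { field: "search", type: "text", value: "o", t: 0 },
  { field: "search", type: "text", value: "ow", t: 120 },
  { field: "search", type: "text", value: "owa", t: 250 },
  { field: "search", type: "text", value: "owas", t: 380 },
  { field: "search", type: "text", value: "owasp", t: 500 },
  { field: "username", type: "text", value: "S", t: 2000 },
  { field: "username", type: "text", value: "S3", t: 2100 },
  { field: "username", type: "text", value: "S3cr", t: 2250 },
  { field: "username", type: "text", value: "", t: 3000 },
];

// The pattern the post describes: every keystroke becomes a request, so the
// server and its access logs see every partial value, including the mistyped
// password fragment "S3cr" that never reached a submit button.
function naiveHandler(events) {
  return events.map((e) => ({ field: e.field, q: e.value }));
}

// Hardened pattern: only fields explicitly opted in may trigger background
// requests, password fields never do, a value is sent only once typing has
// paused for `quietMs` (debounce), and an identical value is not resent.
function hardenedHandler(events, { allow = ["search"], quietMs = 300 } = {}) {
  const sent = [];
  for (let i = 0; i < events.length; i++) {
    const e = events[i];
    if (!allow.includes(e.field) || e.type === "password") continue;
    const next = events[i + 1];
    // Typing has paused if there is no later event on this field within quietMs.
    const paused = !next || next.field !== e.field || next.t - e.t >= quietMs;
    if (!paused || e.value === "") continue;
    const last = sent[sent.length - 1];
    if (last && last.field === e.field && last.q === e.value) continue;
    sent.push({ field: e.field, q: e.value });
  }
  return sent;
}

console.log("naive requests:", naiveHandler(SAMPLE_EVENTS).length);
console.log("hardened requests:", hardenedHandler(SAMPLE_EVENTS));
```

The same policy should be mirrored server-side (for example, not logging query parameters of autocomplete endpoints), since the client cannot be trusted to enforce it.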

