WebApp Sec mailing list archives
Re: AJAX Concept Question
From: Peter Conrad <conrad () tivano de>
Date: Fri, 22 Feb 2008 09:16:14 +0100
Hi, Am Freitag, 22. Februar 2008 04:15 schrieb Mat:
Why is XML used as a transport agent/layer?
mostly because XML is a nice buzzword. ;-) The good thing about XML is that there's a lot of tools for generating and parsing it. If you apply these properly, you don't have to worry about escaping "bad" characters, for example.
What are the benefits of using either implementation?
Depending on what you're going to do with it, not using XML can be much more efficient. I don't think there are any big pros or cons for either approach. Choose what fits your needs.
Obviously the second way is not typical AJAX due to the lack of XML - but its the same idea. Also, are there any security related issues due to using either method?
I think echoing JavaScript code to the end of the page is more dangerous, simply because code is more dangerous than data. Of course it depends on how the code is generated and how the data is used - YMMV. Bye, Peter -- Peter Conrad Tel: +49 6102 / 80 99 072 [ t]ivano Software GmbH Fax: +49 6102 / 80 99 071 Bahnhofstr. 18 http://www.tivano.de/ 63263 Neu-Isenburg Germany ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- AJAX Concept Question Mat (Feb 21)
- Re: AJAX Concept Question Charles Miller (Feb 22)
- Re: AJAX Concept Question Peter Conrad (Feb 22)
- RE: AJAX Concept Question Jason Karlin (Feb 22)