AJAX security issues?

Advisory says AJAX poses security risk

         

cubic

6:09 pm on Feb 13, 2006 (gmt 0)

10+ Year Member



I don't know whether it's the right forum to publish this news story, but I found this news item a few minutes ago and would like to ask you if there are some real potential security issues with AJAX?

The article didn't reveal further information, and the editors of the site said they didn't know more than what's written online.

News story (hope it's fine to post a news site):
[it-observer.com...]

DrDoc

6:20 pm on Feb 13, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Certainly there are security issues. And certainly that's something everyone considering a solution like AJAX (or anything else for that matter) should do their best to foresee and become aware of.

There are, however, no greater security concerns using AJAX than any other form of communication between user and server (such as a contact form or other dynamic content).

Whenever designing any form of dynamic functionality, one should take care to ensure that it performs as expected without opening up possible points of breach. The best way of doing this is, contrary to fairly common belief, to ensure that the particular functionality only responds to requests that were sent as expected; not trying to handle/account for requests that can be malformed. If you flat out ignore malformed requests there is less of a possibility for security problems, since you cannot possibly anticipate all forms of anomalies.
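
The "only respond to requests that were sent as expected" approach from the reply above, sketched as an added example that is not part of the original thread. The endpoint, its field names (`action`, `itemId`, `rating`) and the size limit are assumptions made up for illustration.

```javascript
// Added example: allow-list validation for a hypothetical AJAX "vote" endpoint.
// Every field name and limit here is an assumption, not taken from the thread.
const MAX_BODY_CHARS = 512;
const EXPECTED_FIELDS = {
  action: v => v === 'vote',                               // the one action this endpoint serves
  itemId: v => Number.isInteger(v) && v > 0 && v <= 1e9,
  rating: v => Number.isInteger(v) && v >= 1 && v <= 5,
};

// Returns a clean copy of the request if it has exactly the expected shape,
// otherwise null. Nothing is repaired, coerced or partially accepted.
function parseExpectedRequest(method, contentType, rawBody) {
  if (method !== 'POST') return null;
  if (typeof contentType !== 'string') return null;
  if (contentType.split(';')[0].trim().toLowerCase() !== 'application/json') return null;
  if (typeof rawBody !== 'string' || rawBody.length > MAX_BODY_CHARS) return null;

  let data;
  try { data = JSON.parse(rawBody); } catch (e) { return null; }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) return null;

  const expected = Object.keys(EXPECTED_FIELDS);
  if (Object.keys(data).length !== expected.length) return null;  // no extra keys
  const clean = {};
  for (const name of expected) {
    if (!Object.prototype.hasOwnProperty.call(data, name)) return null;  // no missing keys
    if (!EXPECTED_FIELDS[name](data[name])) return null;                 // exact type and range
    clean[name] = data[name];
  }
  return clean;
}

// Every anomaly gets the same empty 400, so the response says nothing
// about which check failed.
function handle(method, contentType, rawBody) {
  const req = parseExpectedRequest(method, contentType, rawBody);
  if (req === null) return { status: 400, body: '' };
  return { status: 200, body: JSON.stringify({ ok: true, itemId: req.itemId }) };
}
```

The validator lists what a well-formed request looks like instead of listing known-bad inputs, so anomalies nobody anticipated fall through to the same rejection.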