Welcome to WebmasterWorld Guest from 18.207.134.98

Forum Moderators: phranque

Message Too Old, No Replies

The Security Risk In Web 2.0

     
4:17 pm on Jul 28, 2006 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26379
votes: 1039



Web 2.0 is causing a splash as it stretches the boundaries of what Web sites can do. But in the rush to add features, security has become an afterthought, experts say.
...

"We're continuing to make the same mistakes by putting security last," said Billy Hoffman, lead engineer at Web security specialist SPI Dynamics. "People are buying into this hype and throwing together ideas for Web applications, but they are not thinking about security, and they are not realizing how badly they are exposing their users."

The security risk in Web 2.0 [news.com.com]

4:54 pm on July 28, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Sept 7, 2005
posts:242
votes: 0


Poppycock. Sure enabling javascript makes cross site scripting an issue it's no more of an issue simply because the XHTTP object is used. Just as with spam and phishing scams, the real danger of the XHTTP object is unscrupulous webmasters. Data can be captured from the keystroke rather than submitting a form. This is really the most blaring security concern.
5:26 pm on July 28, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 4, 2002
posts:508
votes: 0


This is goofy, as are the other articles of its ilk. Hold on - once we start using AJAX, we still have to check our users' credentials on each request and take precautions against cross-site scripting? Wow, really?