Kenneth F. Belva

Where to find AJAX Security Issues

After reading eWeek.com's article on AJAX security, I decided to do some research.

It seems to me the two large security issues that will arise from AJAX will be the parser and the asynchronous data transfer.

Parser issues are old hat; just look at the work done on IE and Firefox. It will most likely be the case that new functionality will be added to the DOM to support this web-based coding style. So, we can expect new coding errors (and hence new security bugs) to be present here.

The second is in the asynchronous data transfer. This means the application will communicate with the server without user interaction. To an extent this happens already, but the amount of client-to-server communication independent of user interaction will drastically increase with AJAX. It is especially problematic if the communication will function across domains. The data streams could be manipulated so that they are pushed to servers for which they were not intended. It is my opinion that this cross-domain communication will be one of the next web application pushes because it will increase data flow and facilitate business arrangements.
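One way to keep asynchronous requests from reaching a server they were not intended for, shown as an added example that is not part of the original post: resolve every destination and compare its full origin against an allowlist before sending. The names `checkDestination` and `guardedSend`, the allowlisted origins and the sample URLs are all constructed for illustration.

```javascript
// Added example. Origins are constructed placeholders, not from the post.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://api.partner.example",
]);

// Resolve the target against the page URL, then compare the full origin
// (scheme + host + port) exactly. Substring or suffix matching is unsafe.
function checkDestination(target, pageUrl) {
  let url;
  try {
    url = new URL(target, pageUrl);
  } catch (e) {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { allowed: false, reason: "scheme not https" };
  }
  if (url.username || url.password) {
    return { allowed: false, reason: "credentials in URL" };
  }
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    return { allowed: false, reason: "origin not allowlisted" };
  }
  return { allowed: true, reason: "ok", href: url.href };
}

// Hypothetical wrapper: `send` is injected (for example fetch in a browser).
async function guardedSend(target, body, pageUrl, send) {
  const verdict = checkDestination(target, pageUrl);
  if (!verdict.allowed) throw new Error("blocked: " + verdict.reason);
  return send(verdict.href, { method: "POST", body });
}

// Constructed sample destinations, as a page at PAGE might request them.
const PAGE = "https://app.example.com/inbox";
const SAMPLES = [
  "/data/save",
  "https://api.partner.example/v1/sync",
  "//collector.test/log",
  "https://app.example.com.collector.test/x",
  "https://app.example.com@collector.test/x",
  "http://app.example.com/data/save",
  "https://app.example.com:8443/data/save",
];
for (const s of SAMPLES) {
  const v = checkDestination(s, PAGE);
  console.log((v.allowed ? "ALLOW " : "BLOCK ") + s + " (" + v.reason + ")");
}
```

A client-side wrapper only covers code that calls it; in a browser, a Content-Security-Policy `connect-src` directive applies the same allowlist to every script on the page.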

