MemeStreams Discussion

It's official! I'm writing a book.
by Acidus at 3:53 pm EDT, Aug 28, 2006

I signed a book contract today with Addison Wesley to write a book on Ajax Security with a co-worker. The manuscript is due June 1st, so outside of Phreaknic (and Security Opus and AJAXWorld and Toorcon and Shmoocon...) you won't see much of me :-)


 
RE: It's official! I'm writing a book.
by Lost at 4:09 pm EDT, Aug 28, 2006

Acidus wrote:
I signed a book contract today with Addison Wesley to write a book on Ajax Security with a co-worker. The manuscript is due June 1st, so outside of Phreaknic (and Security Opus and AJAXWorld and Toorcon and Shmoocon...) you won't see much of me :-)

Congrats on the book. But I'm curious... for AJAX security we use SSL/HTTPS and Catalyst's Authentication/Authorization. In a broad sense, what special concerns are there for AJAX? If you always have to login, and you always make your AJAX calls from a page via HTTPS, isn't AJAX the same as any other CGI in regards to security?


  
RE: It's official! I'm writing a book.
by Acidus at 9:32 am EDT, Aug 29, 2006

Jello wrote:
Congrats on the book. But I'm curious... for AJAX security we use SSL/HTTPS and Catalyst's Authentication/Authorization. In a broad sense, what special concerns are there for AJAX? If you always have to login, and you always make your AJAX calls from a page via HTTPS, isn't AJAX the same as any other CGI in regards to security?

It's good you bring this up, Jello. I'll be talking a lot more about this at Phreaknic.

It's worth pointing out that the situation you describe is not the norm on the Internet. 90% of websites have all of their functionality exposed without needing a login.

Also, I'm sure you know this, but SSL/HTTPS does not secure your website. SSL provides an encrypted tunnel. All web attacks operate at layer 7 and work exactly the same over HTTP or HTTPS. In fact, SSL can hurt you. Unless your IDS has your encryption keys or is the SSL endpoint, it's much harder to see if someone is attacking you. I've only seen a half dozen or so large scale organizations, but, "for performance reasons," none could set up their network in such a way that the IDS could access the encrypted web traffic.

I'll answer your Ajax security question in a new post.


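The point Acidus makes above, that layer-7 signatures are identical for HTTP and HTTPS but a passive IDS without the session key only sees ciphertext, as an added example that is not part of the thread. The signatures, the sample request and the keystream cipher standing in for TLS record protection are all constructed for the demonstration.

```python
"""Added example (not from the MemeStreams thread): a network IDS that only sees
the wire cannot match layer-7 signatures on HTTPS traffic, while the very same
signatures work at the TLS endpoint (or for an IDS that holds the session key)."""
import hashlib
import re
from typing import List

# Constructed, illustrative layer-7 signatures. They inspect the HTTP request
# itself, so they apply unchanged whether the URL was http:// or https://.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./"),
    "reflected-script": re.compile(rb"<script", re.IGNORECASE),
}

def layer7_alerts(request: bytes) -> List[str]:
    """Return the names of signatures that match a plaintext HTTP request."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

def tls_like_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Stand-in for TLS record encryption: XOR with a SHA-256 based keystream.
    Not real TLS; it only produces ciphertext the sensor cannot read. Because
    XOR is its own inverse, calling it again with the same key decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def network_sensor_alerts(wire_bytes: bytes) -> List[str]:
    """A passive IDS without the session key can only inspect wire bytes."""
    return layer7_alerts(wire_bytes)

def endpoint_alerts(wire_bytes: bytes, key: bytes) -> List[str]:
    """The TLS endpoint (or an IDS holding the key) inspects the decrypted request."""
    return layer7_alerts(tls_like_encrypt(wire_bytes, key))

# Constructed sample request carrying a traversal probe and a script tag.
REQUEST = (b"GET /download?file=../../secret.txt&q=<script>alert(1)</script> HTTP/1.1\r\n"
           b"Host: www.example.com\r\n\r\n")
SESSION_KEY = b"constructed-session-key"

if __name__ == "__main__":
    print("HTTP on the wire :", network_sensor_alerts(REQUEST))
    wire = tls_like_encrypt(REQUEST, SESSION_KEY)
    print("HTTPS on the wire:", network_sensor_alerts(wire))
    print("HTTPS at endpoint:", endpoint_alerts(wire, SESSION_KEY))
```

The same contrast holds for a web server's own access log, which is written after TLS termination and therefore feeds the same signatures for both schemes.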
 
RE: It's official! I'm writing a book.
by Rattle at 5:09 pm EDT, Aug 28, 2006

I signed a book contract today with Addison Wesley to write a book on Ajax Security with a co-worker. The manuscript is due June 1st, so outside of Phreaknic (and Security Opus and AJAXWorld and Toorcon and Shmoocon...) you won't see much of me :-)

Excellent news! I'm sure it will be a quality tome.

Is the other co-worker anyone we know?


 
 
Powered By Industrial Memetics