Acidus wrote: I signed a book contract today with Addison Wesley to write a book on Ajax Security with a co-worker. The manuscript is due June 1st, so outside of Phreaknic (and Security Opus and AJAXWorld and Toorcon and Shmoocon...) you won't see much of me :-)
Congrats on the book. But I'm curious... for AJAX security we use SSL/HTTPS and Catalyst's Authentication/Authorization. In a broad sense, what special concerns are there for AJAX? If you always have to log in, and you always make your AJAX calls from a page via HTTPS, isn't AJAX the same as any other CGI in regards to security?
RE: It's official! I'm writing a book.