Acidus wrote: There are several security issues with having an Ajax enabled application. Some of them are traditional web security issues that are magnified because of Ajax, and some a new issues. Here are just a few. I refer you to my BlackHat presentation Ajax (in)Security for more info. ... Even sites like Yahoo's webmail that don't "use" Ajax per say can still be contacted by an HTTP request that Ajax makes. ...
Of course, we always expect great things from Acidus and it appears he's leading the way on AJAX... I'm sure the his book will become a well respected reference for many. So, congrats! p.s. I hope you'll forgive me my pedantry, but as you are about to publish again I feel obligated to point out that you meant to write "per se". That one's a particular peeve of mine, since people have a level of comfort with the word "say" and use "per" semi-regularly in other contexts (e.g. "Per Kathy, we're going to have our team meeting at Moes."). "Per say" actually *feels* right, which makes it all the more insidious. RE: Ajax Security Issues |