Slashdot Mirror


Is Your AJAX App Secure?

ShaolinTiger writes "An article looking in detail at some of the security problems with AJAX, how to find them and how to approach them or fix them. Security with AJAX is of course an important consideration as it's asynchronous and a malicious user could write data back to your database if implemented incorrectly."

5 of 142 comments

  1. it's not secure, check out google maps by Gravis Zero · Score: 1, Funny

    AJAX is not secure! if you look at google maps you can see my house... it's just sitting there on the screen waiting to be bombed. ahh.. my frickin' house!

    --
    Anons need not reply. Questions end with a question mark.
  2. Obligatory by frodo from middle ea · Score: 3, Funny

    I write only static HTML you insensitive clod.

    --
    for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
  3. AJAX App Secure? by digitaldc · Score: 2, Funny

    If not, you need to clean it up!
    Code cleanliness is next to Dev godliness.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  4. Tinfoil Response by 0110011001110101 · Score: 4, Funny

    You sir, are a sucker. I have found a way to beat the dreaded AJAX Google Maps insecurities. Simply put, I have a new house built every couple of years. My current house will be done in a week or so, and according to Google Maps (evil AJAX house bombing helper) my new cul-de-sac does not even exist. It's just a lot of trees... now who would bomb trees?

    Please please please, buy a new house, or next time the Google Spyplane comes to take pictures, teepee your neighborhood with Tinfoil, I'm sure your neighbors will understand once you explain it to them.

    --
    Don't anthropomorphize computers: they hate that.
  5. Re:How is this different by Beryllium Sphere(tm) · Score: 2, Funny

    Now, now, be fair.

    The article proposes one kind of attack: "it would leave massive DoS possibilities if I can create an HTML page that, using Javascript, can request thousands of concurrent web-pages from a web-site".

    An attack like that would hit the web server's current directory, ".", like a slasher. An attack site that takes thousands of incoming connections and then floods the victim, implementing this "slash dot" effect, is a brilliant innovation.