I'm always one for exploring new technologies, and in recent months my focus has been on Ajax and Rich Internet Applications, mainly because this is what I do at Bitopia. One thing that has been bothering me about the resurgence of javascript is that it places too much emphasis on the client side. People are diving into this more easily accessible technology without thinking properly about, and considering, the dangers.
Imagine an application that relies on processing a form using Ajax. Two methods are used: one to examine the form and check it for errors and correct content, and the other to send the form to the server for processing. Using a simple javascript console, or the more advanced Greasemonkey plugin for Firefox, a hacker could easily fill in the form and call the form submission method directly, skipping the check. The server assumes that the javascript on the client side has already checked the form, and processes the information as it arrives. This presents a clear security risk.
I know, it's a poor example, but it does highlight the need for increased developer awareness of these issues. Relying on javascript for validation is a big mistake, and I've noticed a few sites out on the web, which will remain nameless, that could be exploited using the tools mentioned.
Form validation in javascript should only be used to reduce bandwidth and provide better information for the client to understand why a form field contains content that isn't acceptable. It is important to mirror or better the validation on the server side, so that a hacker cannot exploit your website or application.
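One way to get the "mirror the validation on the server side" part right is to write the rules once and run the same function in both places. The example below is added here and is not code from the original post; the field names (email, age), the rule set and the handler shape are assumptions for illustration.

```javascript
// Added example (not from the original post): one set of validation rules runs in the
// browser for fast feedback AND on the server, which never trusts what the client did.
// The fields (email, age) and the handler's request/response shape are assumptions.

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Shared rule set: returns a map of field -> error message (empty object when valid).
function validateForm(fields) {
  const errors = {};
  const email = typeof fields.email === "string" ? fields.email.trim() : "";
  if (!EMAIL_RE.test(email)) errors.email = "must be a valid e-mail address";
  const age = Number(fields.age);
  if (!Number.isInteger(age) || age < 18 || age > 120) {
    errors.age = "must be a whole number between 18 and 120";
  }
  return errors;
}

// Client side: called before the Ajax submit so the user sees why a field was rejected.
// Its result is advice for the user only; nothing here is a security control.
function clientCheck(fields) {
  return Object.keys(validateForm(fields)).length === 0;
}

// Server side: a framework-agnostic handler taking the raw request body. The body may
// come from any HTTP client, not only the page's own JavaScript, so validation runs
// again here unconditionally, and malformed bodies are rejected before anything else.
function handleSubmit(requestBody) {
  let fields;
  try {
    fields = JSON.parse(requestBody);
  } catch (e) {
    return { status: 400, body: { errors: { _form: "body must be JSON" } } };
  }
  if (fields === null || typeof fields !== "object" || Array.isArray(fields)) {
    return { status: 400, body: { errors: { _form: "body must be a JSON object" } } };
  }
  const errors = validateForm(fields);
  if (Object.keys(errors).length > 0) {
    return { status: 422, body: { errors } };
  }
  // Only data that passed the server-side check reaches the business logic.
  return {
    status: 200,
    body: { ok: true, email: fields.email.trim(), age: Number(fields.age) },
  };
}
```

Because `validateForm` is plain JavaScript with no DOM or Node dependencies, the same file can be served to the browser and required on the server, so the two rule sets cannot drift apart.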
Comments
re
Ajax is a set of technologies being used together, just as "LAMP" is a shorthand referring to Linux, Apache, MySQL and PHP. But back to Ajax!
Ajax, which stands for Asynchronous Javascript And XML, is comprised of the following technologies:
* HTML + CSS for presenting information
* JavaScript for dynamically interacting with the information presented
* XML, XSLT and the puzzlingly-named XMLHttpRequest object to manipulate data asynchronously with the Web server.
Prevention
Easy to stop though, you should always use a server language to validate a second time.
Anyone using purely client side languages to perform important validation tasks is either a fool or doesn't know very much about server side. Never trust someone whose face you can't see. ( That includes me ;) )