Hi, Ajax.NET has the same way to go as common ASP.NET web forms. If you build a web form with textbox and button where you can delete files on the server it is the same security issue. Since the first version of Ajax.NET I only got one security bug where you could call any method, but this was fixed in one hour... ;)
Today you can add an attribute to the urlNamespaceMapping tag that will only allow types from the list. This will prevent others to call AjaxMethods that are not really used, like the AjaxPro.Services.*. Regards, Michael On 6/9/06, Fabio Cavassini <[EMAIL PROTECTED]> wrote: > > What are the possible security issues regarding AJAX.NET? > > For example, let's say I have a Proxy Class in my application, with all > my AJAX methods. > > Is it possible for a hacker (my application is public) to enter my > site, cache all AJAX.NET generated JavaScript and: > > - Call the Proxy Class Methods from other places other than my domain? > > Best Regards > Fabio Cavassini > > > > > -- Best regards | Schöne Grüße Michael Microsoft MVP - Most Valuable Professional Microsoft MCAD - Certified Application Developer http://weblogs.asp.net/mschwarz/ http://www.schwarz-interactive.de/ mailto:[EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ajax.NET Professional" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/ajaxpro The latest downloads of Ajax.NET Professional can be found at http://www.ajaxpro.info -~----------~----~----~----~------~----~------~--~---
