I believe CFAJAX does not allow you to perform cross-domain work, whether by
intent or by accident. I forgot to change one of my variables before
uploading (from localhost to my final resting place) and it threw an error.

<!----------------//------
andy matthews
web developer
ICGLink, Inc.
[EMAIL PROTECTED]
615.370.1530 x737
--------------//--------->

-----Original Message-----
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 03, 2006 12:58 PM
To: CF-Talk
Subject: AJAX and security


It has just hit me that AJAX may not be all that safe.

One could derive all that is being passed in an AJAX request by using view
source and nabbing any included JS files.  Once you had that info you could
then figure out what's being sent in the request (i.e. variable names etc.).

So in the case of an AJAX call that perhaps sends form contents to be
inserted into the DB....what's to stop someone from reverse engineering your
AJAX call and start inserting their own data??

I'm not readily seeing in the AJAX code where the domain is specified (my
guess is programmatically) as there is no domain setting....just which
CFC/CFM file to call.

I'm still working out the kinks....I love the possibilities of
CFAJAX.....but this security issue (if it really is one) has me a bit
spooked ;-)

TIA

Cheers

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web: www.electricedgesystems.com
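The question above (what stops someone from reverse engineering the AJAX call and inserting their own data) has a short answer: nothing on the client side. The browser's same-origin rule only limits what a web page may request; anyone with an HTTP client can POST directly to the CFC/CFM endpoint with whatever fields they like. The endpoint therefore has to authenticate the caller, check an anti-forgery token, and validate every field itself before anything reaches the database. The following is an added example written for this thread, not code from CFAJAX or from either poster; it models that server-side guard in JavaScript with a constructed field schema (`FORM_SCHEMA`), a hypothetical `session` object looked up from the session cookie, and a hypothetical `x-csrf-token` request header, in place of the CFC method that would do the same job.

```javascript
// Added example (not from the CF-Talk thread): server-side guard for an
// "AJAX" form handler. Everything arriving in the request is untrusted,
// including the field names, because the client-side JS that built the
// request is visible to and replaceable by the caller.

// Allowed fields and their constraints (constructed schema for the example).
// Any field not listed here is rejected rather than silently inserted.
const FORM_SCHEMA = {
  name:  { type: "string", maxLength: 60 },
  email: { type: "string", maxLength: 120, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  qty:   { type: "integer", min: 1, max: 100 },
};

// Constant-time string comparison so the token check does not leak
// how many leading characters matched.
function tokensMatch(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Validate one POST body against the schema. Returns { ok, errors, data },
// where data contains only whitelisted fields, coerced to their declared type.
function validateForm(body) {
  const errors = [];
  const data = {};
  if (typeof body !== "object" || body === null) {
    return { ok: false, errors: ["body is not an object"], data };
  }
  for (const key of Object.keys(body)) {
    if (!(key in FORM_SCHEMA)) errors.push(`unexpected field: ${key}`);
  }
  for (const [key, rule] of Object.entries(FORM_SCHEMA)) {
    const v = body[key];
    if (v === undefined) { errors.push(`missing field: ${key}`); continue; }
    if (rule.type === "string") {
      if (typeof v !== "string") { errors.push(`${key} must be a string`); continue; }
      if (v.length > rule.maxLength) { errors.push(`${key} too long`); continue; }
      if (rule.pattern && !rule.pattern.test(v)) { errors.push(`${key} has invalid format`); continue; }
      data[key] = v;
    } else if (rule.type === "integer") {
      const n = typeof v === "number" ? v : Number(v);
      if (!Number.isInteger(n)) { errors.push(`${key} must be an integer`); continue; }
      if (n < rule.min || n > rule.max) { errors.push(`${key} out of range`); continue; }
      data[key] = n;
    }
  }
  return { ok: errors.length === 0, errors, data };
}

// The handler a remote CFC method would wrap (hypothetical shape):
//   req     = { headers, body } parsed from the POST
//   session = server-side state looked up from the session cookie, or null
// Order matters: authenticate, then anti-forgery, then field validation.
function handleFormSubmit(req, session) {
  if (!session || !session.userId) return { status: 401, error: "not authenticated" };
  const sent = req.headers["x-csrf-token"];
  if (!tokensMatch(sent, session.csrfToken)) return { status: 403, error: "bad anti-forgery token" };
  const result = validateForm(req.body);
  if (!result.ok) return { status: 400, error: result.errors.join("; ") };
  // Only the validated, whitelisted fields reach the DB; the owner comes from
  // the session, never from the request. (In CF this is where cfqueryparam
  // would be used, never string concatenation into SQL.)
  return { status: 200, inserted: { ...result.data, ownerId: session.userId } };
}
```

The ownership field is taken from the server-side session rather than the POST body on purpose: a caller who has read the JS can add any field they like, so the handler decides what is stored and who it belongs to, not the client.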




Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228276
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4