"AJAX brings 'Back the Rich Client' and all its security problems"
Kentaro, on your AJAX application you must follow the rule-of-thumb of not trusting any data supplied by your own Client-Side-AJAX functions, and authorize every request.
In a nutshell: any data validation and authorization decisions/actions made at the Client-Side-AJAX functions are only there for usability, and have NO security value.
Hope this helps
Dinis Cruz
OWASP .NET Project
www.owasp.net
From: "Kentaro Arai" <[EMAIL PROTECTED]>
Sent: Monday, March 06, 2006 9:49 AM
To: "Secure Coding Mailing List" <SC-L@securecoding.org>
Subject: [SC-L] Is there any Security problem in Ajax technology?
Hi, All
I'm designing a web application with Ajax technology and .NET Framework 1.1.
Do I need to consider any security problem, using the Ajax technology?
Kentaro Arai
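The rule in the reply above (validate and authorize on the server for every AJAX request, whatever the client-side script already checked) can be shown with a small framework-free handler. This is an added example, not part of either message; `handleUpdateOrder`, `ORDERS`, `PRICES` and the field names are hypothetical, and the data is constructed.

```javascript
// Server-side handling of an AJAX "update order" call (illustrative sketch).
// Constructed server-side state; the client never supplies these values.
const PRICES = { "sku-1": 25.0 };
const ORDERS = {
  101: { owner: "alice", sku: "sku-1", quantity: 1 },
  102: { owner: "bob", sku: "sku-1", quantity: 2 },
};

// `session` comes from the server's own session store, never from the request.
// `body` is the parsed AJAX payload and is treated as untrusted input.
function handleUpdateOrder(session, body) {
  // 1. Authenticate: identity is taken from the server-side session only.
  if (!session || typeof session.user !== "string") {
    return { status: 401, error: "not authenticated" };
  }
  // 2. Validate again on the server; client-side checks are only for usability.
  const { orderId, quantity } = body || {};
  if (!Number.isInteger(orderId) || !Number.isInteger(quantity) ||
      quantity < 1 || quantity > 100) {
    return { status: 400, error: "invalid input" };
  }
  // 3. Authorize this specific request against server-side data.
  const exists = Object.prototype.hasOwnProperty.call(ORDERS, orderId);
  const order = exists ? ORDERS[orderId] : null;
  if (!order || order.owner !== session.user) {
    return { status: 403, error: "forbidden" };
  }
  // 4. Fields that carry decisions (price, isAdmin, owner) are ignored if sent;
  //    the price is looked up on the server.
  order.quantity = quantity;
  return { status: 200, total: PRICES[order.sku] * quantity };
}
```
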
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php