Library code snippets
The AJAX "Top 5" security tips
To succeed - you must start with good planning. Efforts should be focussed on reducing and simplifying the AJAX calls, and creating a standard format for responses that follows convention (ideally XML) where possible.
Follow best practice from sites such as the Open Web Application Security Project. This especially includes checking for Access Control and Input Validation flaws, whilst ensuring sensitive information travels over SSL rather than in the clear.
Never assume that Server Side AJAX checks for Access Control or User Input Validation will replace the need for final re-checking at the Server. Adding AJAX controls will never reduce your validation workload, they will only increase it.
Never assume that Client Side obfuscation (making the JavaScript difficult to read or decode) will protect your most important commercial secrets. Using JavaScript is a poor way to hide programming tricks and advances from your competitors.
Finally, you must be prepared to exercise a tight reign over your development team. Wonderful ideas using AJAX may sound compelling, but you should consider saving them for version 2, whilst you focus on building a rock-solid version 1.
Originally published at http://profoundway.blogspot.com/2006/06/ajax-net-security.html
Related articles
Related discussion
-
vb6 generated help file not working in Window 7 and Vista
by Thushan Fernando (1 replies)
-
Need Hep with Skypw
by web.bee (0 replies)
-
AJAX News Ticker Decay
by bquakkel (0 replies)
-
(Very urgent)how to assign the value of the variable in javascript function into php variable
by mazhar_qayyum (3 replies)
-
Need help for an email form
by spawn6991 (0 replies)
Related podcasts
-
Ajax, DWR, and Spring
Improving the User Experience without the JavaScript hassle: Ajax, DWR, and Spring Buzzwords like AJAX (Asynchronous JavaScript And XML) and XmlHttpRequest are buzzing around Java blogs for months now. The DWR (Direct Web Remoting) project aims to provide easy AJAX for Java. This session will...
Events coming up
-
Dec
8
December Silicon Valley Ruby Meetup
Moffett Field, United States
In a World of Middleware, Who Needs Monolithic Applications? by Jon Crosby With Rack emerging as the standard for composing web applications and services, most recently with Rails adoption, an architectural shift is taking place. Learn how to create next generation web services by reusing existing Rack middleware and supplementing with your own components and micro-frameworks like Sinatra. Bio : Jon likes music, the Open Web, Ruby, Erlang, Haskell, Objective-C, JavaScript and coffee.
Thanks
returning CSV in a custom flatsheet, XML adds too much bulk and that puts data integrity at risk from failure.
My personal preference is flatsheet over XML.
This thread is for discussions of The AJAX "Top 5" security tips.