AJAX Security

As I see it, you can write unsecure code with or without Ajax.

Ask the security guys what the added security issues are when implementing Ajax, and please post their reply.

Cheers!

/Eskil

Hi,

I don't think they are quite right if you use MS AJAX 1.0.

See:

http://www.asp.net/AJAX/Documentation/Live/BrowserCompatibilityForASPNETAJAX.aspx

http://www.google.com/search?hl=zh-CN&lr=lang_en&as_qdr=all&q=ajax+security&suggest=2&sa=X&oi=cjkrefinements&ct=result&cd=3

If you have further questions,let me know!

Best Regards,

AJAX doesn't change anything in security... Butyoucan.

If you rely only on client side validations, you will be vulnerable to attacks like sql injection for example...

The javascript can be modified by the client (user)...

So, as long as you secure your server side codes, you'll be fine...

If you are in the same situation as me, the main problem your security guys see is "oh no, i don't want to do any extra work and I have no clue what ajax means"...

Just the usual fear of new things...

http://searchsoa.techtarget.com/qna/0,289202,sid26_gci1164745,00.html