Tuesday, April 3, 2007

AJAX Security flaws

Interesting article on AJAX Security flaws, sighted by Joe On .NET, but some reason its no longer showing on his site(?)

"…. called JavaScript Hijacking—can be found in the biggest AJAX frameworks out there, including three server-integrated toolkits: Microsoft ASP.Net AJAX (aka Atlas), Google Web Toolkit and xajax—the last of which is an open-source PHP-class library implementation of AJAX…."

One line synopsis:
Basically don’t use in built AJAX when sensitive data is being passed, but it is fine on public sites.

No comments: