AJAX Security

Ajax Security : Server Side

  • AJAX-based Web applications use the same serverside security schemes of regular Web applications
  • You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programatic)
  • AJAX-based Web applications are subject to the same security threats as regular Web applications

Ajax Security : Client Side

  • JavaScript code is visible to a user/hacker. Hacker can use the JavaScript code for inferring server side weaknesses
  • JavaScript code is downloaded from the server and executed ("eval") at the client and can compromise the client by mal-intended code
  • Downloaded JavaScript code is constrained by sand-box security model and can be relaxed for signed JavaScript
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)