The Dangers of AJAX
April 6, 2006
If any technology is closely associated with the Web 2.0 phenomenon, it's Asynchronous JavaScript and XML, aka AJAX. AJAX-based applications are all around us and, in theory, offer business a low-cost alternative to collaborative applications. Put up an internal site and, with Mapable, you can launch your own map-enabled chat rooms for free, transform your company's Web site with virtual worlds, or just get rid of your Office applications with an AJAX-enabled Word Processor and SketchPad.
And, like any good Microsoft application, AJAX-based apps may also form a vulnerability in the security fabric of your network. Navaho Gunleg reports on DarkNet about how a hacker could use AJAX-based applications to execute some malicious operation on a visiting PC.
Business shouldn't get too paranoid about AJAX vulnerabilities, nor should it try to do something stupid like banning AJAX, the way it has done with IM. A better approach is to work through the security community to understand AJAX's limitations and push your security suppliers to deliver the devices that can inspect AJAX content.
We can prevent malformed HTML or XML packets. AJAX is no different.