Comments on: Security in an AJAX World

By: Slung

Slung — Mon, 14 Jun 2010 19:49:41 +0000

If the token is part of an associative array, as in the request is contained in
an iteration of an array, the serial or id of the object would not only be hard to guess
but easy to reference given multiple runs or sends.
I believe it is easier to grab a hard coded token as well, especially if it happens to have
some sort of “x” or “y” thing going on…
Just as storing data in most major AJAX lines of coding techniques promote healthy
security, storing the request with a random or new iteration (associative) then destroying it allows for the browser to clean up after itself.

By: Max Kiesler - Designer » Blog Archive » What You Should Know About AJAX Security: 24 Tutorials

Tue, 02 Jun 2009 08:48:58 +0000

[...] Security in an AJAX World If data is more openly available as XML over HTTP, it’s going to be pretty damn easy for a smart hacker to get access to that data to make applications like this impressive example… which is great, but undoubtedly someone eventually will feel like their data is being “stolen” or “misused”. [...]

By: Sebastian Bauer (IT-Blog) » Aufgepasst im Web2.0

Sebastian Bauer (IT-Blog) » Aufgepasst im Web2.0 — Thu, 24 Jan 2008 16:15:07 +0000

[...] Links zu dem Thema: ar.kadi.us, Whirlycott, Mayflower komfortabler Datei-Upload mit [...]

By: Ajax Security on HubPages

Ajax Security on HubPages — Fri, 13 Oct 2006 21:12:56 +0000

[...] json xmlhttprequest javascript webdevelopment What are tags?email this pagedigg this pagereddit!bookmark this pagelink to this pageWhat do thesedo? [...]

By: BiZwiKi - 喧闹 PK 噪音 » Blog Archive » Ajax Security

BiZwiKi - 喧闹 PK 噪音 » Blog Archive » Ajax Security — Tue, 09 May 2006 21:47:43 +0000

[...] AJAX 世界里�?�的安全（Security in an AJAX World） [...]

By: Lockergnome's Web Developers

Lockergnome's Web Developers — Fri, 17 Mar 2006 06:25:22 +0000

Security in an AJAX World…

Don’t get me wrong here, I think that AJAX is as cool as everyone else out there. Cool effects and time saving abilities. But is it also a cause for security concerns, too. It appears that for some, it could……

By: 木头工作室 » Ajax Security (1)

木头工作室 » Ajax Security (1) — Fri, 17 Feb 2006 02:31:50 +0000

[...] 下�?�的内容�?�考自：http://www.whirlycott.com/phil/2005/04/15/security-in-an-ajax-world/ [...]

By: 빛�?� 담고 세�? 넓히기 » AJAX 개발�?용 �?료(3) - 보안

빛�?� 담고 세�? 넓히기 » AJAX 개발�?용 �?료(3) - 보안 — Thu, 12 Jan 2006 02:18:24 +0000

[...] 1. token 사용 : UUID와 같�?� 토�?��?� 사용함으로�?� 유효한 사용�?�?� 요청�?만 �?�답할 수 있다. session�? 키를 저장한 후 �?��?�서버로 �?�정한 시간안�? XMLHttpRequest 요청�?� 들어오는 경우만 �?�답�?� 하는 방�?으로 유효성�?� 체�?�할 수 있다. [...]

By: joe

joe — Fri, 28 Oct 2005 03:28:07 +0000

can’t this data be mooched from a website anyway? splogs have been taking bits of real blog posts to add a pinch of real to them .

By: Gregor J. Rothfuss

Gregor J. Rothfuss — Wed, 20 Apr 2005 19:44:02 +0000

also,

http://www.intertwingly.net/blog/2005/04/01/Sajax-Still-UnSafe