The AJAX "Top 5" security tips
To succeed, you must start with good planning. Efforts should be focussed on reducing and simplifying the AJAX calls, and creating a standard format for responses that follows convention (ideally XML) where possible.
Follow best practice from sites such as the Open Web Application Security Project. This especially includes checking for Access Control and Input Validation flaws, whilst ensuring sensitive information travels over SSL rather than in the clear.
Never assume that Server Side AJAX checks for Access Control or User Input Validation will replace the need for final re-checking at the Server. Adding AJAX controls will never reduce your validation workload; they will only increase it.
Never assume that Client Side obfuscation (making the JavaScript difficult to read or decode) will protect your most important commercial secrets. Using JavaScript is a poor way to hide programming tricks and advances from your competitors.
Finally, you must be prepared to exercise a tight rein over your development team. Wonderful ideas using AJAX may sound compelling, but you should consider saving them for version 2, whilst you focus on building a rock-solid version 1.
Moe Tarhini
Senior Software Engineer
http://profoundway.blogspot.com
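The final re-check at the server that the tips above call for, sketched as an added example (not part of the original post or the linked article). The handler, session shape, field names and record table are all hypothetical; the point is that every AJAX call is authenticated, validated and authorized again on the server, whatever the page's JavaScript already checked.

```javascript
// Added example: server-side re-check of an AJAX request. All names are hypothetical.
// Constructed sample data: which user owns which record.
const RECORD_OWNERS = { "101": "alice", "102": "bob" };
const MAX_TITLE_LENGTH = 80;

// Validate the raw request body exactly as it arrived on the wire.
function validateUpdate(rawBody) {
  let data;
  try {
    data = JSON.parse(rawBody);
  } catch (err) {
    return { ok: false, error: "body is not valid JSON" };
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, error: "body must be a JSON object" };
  }
  const { recordId, title } = data;
  if (typeof recordId !== "string" || !/^[0-9]{1,10}$/.test(recordId)) {
    return { ok: false, error: "recordId must be a short numeric string" };
  }
  if (typeof title !== "string" || title.length === 0 || title.length > MAX_TITLE_LENGTH) {
    return { ok: false, error: "title must be 1-80 characters" };
  }
  return { ok: true, value: { recordId, title } };
}

// Handle the call: authenticate, validate, then authorize against server-side state.
function handleAjaxUpdate(session, rawBody) {
  if (!session || typeof session.user !== "string") {
    return { status: 401, body: { error: "not signed in" } };
  }
  const checked = validateUpdate(rawBody);
  if (!checked.ok) {
    return { status: 400, body: { error: checked.error } };
  }
  const id = checked.value.recordId;
  const owner = Object.prototype.hasOwnProperty.call(RECORD_OWNERS, id)
    ? RECORD_OWNERS[id] : undefined;
  if (owner !== session.user) {
    // Same answer for "missing" and "not yours" so record ids cannot be probed.
    return { status: 404, body: { error: "record not found" } };
  }
  return { status: 200, body: { recordId: id, title: checked.value.title } };
}
```
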