US Government Security suggestions would disable AJAX based applications - Wallace B. McClure

Wallace B. McClure

All About Wally McClure - The musings of Wallym on .NET, Sql, ASP.NET, and other crazy shenanigans

US Government Security suggestions would disable AJAX based applications

http://news.com.com/The+feds+weigh+in+on+Windows+security/2100-7348_3-6172158.html?tag=nefd.lede

http://csrc.nist.gov/itsec/SP800-68-20051102.pdf 

According to these two articles, the new US Government suggested setups for Windows XP and Windows Vista would disable AJAX-based applications. My guess is that this won't go very far, but from a developer standpoint, I have a lot of concerns regarding the limited functionality that this would require of a web application. Personally, I don't want to go back to 3270 terminals, erm, I mean standard postbacks to get new data. Aren't we beyond this?

Posted: Apr 02 2007, 08:37 AM by Wallym | with 2 comment(s)

Comments

MW said:

As far as we have come the technologies still fail to mitigate security concerns.

# April 2, 2007 9:51 AM

Dan Kahler said:

Hey Wally -

The way I read these, JavaScript would be disabled through the use of "Internet Explorer Protected Mode".  AJAX-style applications would still be viable on "approved" sites that the users or administrators had added to the Trusted Sites zone.  

IMO, the hard parts for using AJAX on internal apps would probably be 1) convincing the approvers that site-restricted use of JavaScript on internal trusted sites does not constitute a reduction in security, and 2) ensuring that developers still keep Section 508 compliance in mind as they're incorporating AJAX-enabled features.

# April 2, 2007 11:48 AM