Ajax and security

I have been toying with Ajax on and off for a few months now. I like the idea and there seems to be a never-ending stream of Ajax samples, tools and ideas. What I have yet to see is how these calls are secured.

Maybe I am missing something, but I really don't think that I have seen any examples. Maybe I am just getting hung up on the fact that JavaScript is making the calls, but I would like to see some concrete examples just to be sure. The way I see it is that there might be something in calling from JavaScript that throws something off. It's not so much the things that I might be looking for as the things that I don't know to look for.

I found this from Rob Hurlbut's blog. What I think is lacking is that many tutorials leave this kind of stuff out.



  • I'm not sure that AJAX is the best method for delivering secure content. Our method of dealing with this is to do the display logic with AJAX but a lot of our data entry still happens through HTTP POSTs on password protected pages.

    This sounds like XML-syndrome. In 1999, when XML was starting to become The Next Big Thing, every application I saw was XML top-to-bottom, despite the fact that XML doesn't solve every problem. This is the same thing, where there are people so excited about the square peg of AJAX that they're trying to pound it into holes of every shape.

    AJAX is nice and all and I've been using it for a long time, but it's not a universal solvent.

  • I think you're not seeing a lot because the main point of the article you've linked - it's just HTTP requests. Nothing more, nothing less, same rules apply that have applied for the last 10 or so years. That doesn't mean people get it, but it's nothing new.
