[LINK] AJAX May Be Considered Harmful
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Jan 8 14:13:57 AEDT 2007
At 11:49 +0900 8/1/07, brd at iimetro.com.au wrote:
>The paper is called 'Subverting AJAX'
><http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf>
>(pdf), and outlines a possible Web Worm that lives in the very
>fabric of Web 2.0
>and could kill the Web as we know it."
Unsurprisingly, the server's suffering overload ...
Note the pre-counter at
http://it.slashdot.org/it/06/12/01/1634203.shtml
An anonymous reader writes
"Jeremiah Grossman (CTO of WhiteHat Security) has published
Myth-Busting - an article dismissing the hyped-up claims that AJAX is
insecure. He says: 'The hype surrounding AJAX and security risks is
hard to miss. Supposedly, this hot new technology responsible for
compelling web-based applications like Gmail and Google Maps harbors
a dark secret that opens the door to malicious hackers. Not exactly
true ... Word on the cyber-street is that AJAX is the harbinger of
larger attack surfaces, increased complexity, fake requests, denial
of service, deadly cross-site scripting (XSS), reliance on
client-side security, and more. In reality, these issues existed well
before AJAX. And, the recommended security best practices remain
unchanged.'"
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW