[LINK] AJAX May Be Considered Harmful

Roger Clarke Roger.Clarke at xamax.com.au
Mon Jan 8 14:13:57 AEDT 2007

At 11:49 +0900 8/1/07, brd at iimetro.com.au wrote:
>The paper is called 'Subverting AJAX'
>(pdf), and outlines a possible Web Worm that lives in the very 
>fabric of Web 2.0
>and could kill the Web as we know it."

Unsurprisingly, the server's suffering overload ...

Note the pre-counter at
An anonymous reader writes
"Jeremiah Grossman (CTO of WhiteHat Security) has published 
Myth-Busting - an article dismissing the hyped-up claims that AJAX is 
insecure. He says: 'The hype surrounding AJAX and security risks is 
hard to miss. Supposedly, this hot new technology responsible for 
compelling web-based applications like Gmail and Google Maps harbors 
a dark secret that opens the door to malicious hackers. Not exactly 
true ... Word on the cyber-street is that AJAX is the harbinger of 
larger attack surfaces, increased complexity, fake requests, denial 
of service, deadly cross-site scripting (XSS), reliance on 
client-side security, and more. In reality, these issues existed well 
before AJAX. And, the recommended security best practices remain 

Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
