Monday, December 04, 2006

Web 2.0 security issues with use of AJAX

With the introduction of AJAX, a real security issue arose for visitors and registered users of popular websites. For example, AJAX can be used to send hidden queries to the web server that store user data or perform certain actions as if the logged-in user had performed them. These issues are described in several places, and possible security measures against them can be found in the A List Apart article Community Creators, Secure Your Code!. There is also a report released by Finjan about web security issues.

Web 2.0 Security Scares by ZDNet's Richard MacManus -- For web-based businesses like Google and MySpace, AJAX flings open the door to new malware propagation methods. Few things are more scary than malicious attacks on the code of your websites or apps. And in this web 2.0 era, new threats have emerged that specifically target Ajax websites. Web security firm Finjan recently released a report [...]
More and more websites are offering new and cool-looking features, such as integrating a slide show, video content, or a blog or MySpace template into your account, by requesting your login details. They definitely assure you that your login details will not be stored or used in any other way. Some of these websites, like slide.com or others, may be reliable, but by offering such an option they make users think that this is a popular way of integrating content and that there is nothing to worry about. This will lead users to neglect the threat on other websites that they don't know, where it may be a real threat to them.
