Hi Andy,

Apart from Ray's feedback, also keep in mind that the security issues 
with Ajax typically stem from using eval() on JSON packets and external 
JS scripts. While not all-inclusive, of late this has been the biggest 
attack vector for hackers looking to exploit JS weaknesses.

This article will give you some additional info:

http://www.ibm.com/developerworks/library/x-ajaxsecurity.html

Rey...



Andy Chen wrote:
> Thanks... nice read.
> 
> So the easiest way to add another layer of Ajax security is the Prefix 
> serialized JSON option in CF Admin but from what I understand, it won't break 
> anything either, right? Sort of like the suppress white space function.
> 
>> Have you seen my blog posts on CF8 and Ajax Security?
>>
>> http://www.coldfusionjedi.com/index.cfm/2007/7/31/ColdFusion-8-Ajax-Security-Features
>>
>> On 8/30/07, Andy Chen <[EMAIL PROTECTED]> wrote:
>>> Not sure how many attended but I attended today's eSeminar - Beyond 
>>> HTML: using Ajax, PDF, and more to create engaging applications with 
>>> ColdFusion 8.
>>> Some people were worried about AJAX security and how easy it is to 
>>> "hack" RIA (Rich Internet Applications). My take is AJAX is almost 
>>> like a web service. It allows you to access common information easily. 
>>> Anything which writes to a database, I have more checks in place 
>>> (checking UUIDs and various form fields) to prevent someone from just 
>>> messing around with it.
>>> For my current project, it's an intranet one so I am not too worried 
>>> about security but is there something even more dangerous that I might 
>>> be missing when using AJAX that I might not have thought about?
>>>
> 
> 
> 
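
The eval() risk and the JSON prefix option discussed in this thread, as an added JavaScript example that is not part of the original messages. The function names, the sample responses and the `//` prefix value are assumptions made for illustration.

```javascript
// Added illustration; all names and sample data below are constructed.
const JSON_PREFIX = "//"; // assumed prefix value configured on the server

// Legacy pattern: eval() executes whatever expression the response contains.
function parseWithEval(body) {
  return eval("(" + body + ")");
}

// Hardened pattern: require the prefix, strip it, then parse as data only.
function parsePrefixedJson(body, prefix = JSON_PREFIX) {
  if (typeof body !== "string" || !body.startsWith(prefix)) {
    throw new Error("response is missing the expected JSON prefix");
  }
  return JSON.parse(body.slice(prefix.length));
}

// Constructed responses: one well-formed, one carrying an expression
// that is not valid JSON but is valid JavaScript.
const benign = '{"user":"andy","role":"editor"}';
const tampered = '{"user":"andy","role":(globalThis.__ran = true, "admin")}';

function demo() {
  delete globalThis.__ran;
  const viaEval = parseWithEval(tampered);      // embedded expression runs
  const evalRanCode = globalThis.__ran === true;

  delete globalThis.__ran;
  let parseRejected = false;
  try {
    parsePrefixedJson(JSON_PREFIX + tampered);  // JSON.parse never executes code
  } catch (e) {
    parseRejected = e instanceof SyntaxError;
  }
  const ranAfterParse = globalThis.__ran === true;

  // A prefixed body evaluated as script is only a comment, so it yields nothing.
  const prefixedEval = eval(JSON_PREFIX + benign);

  return { role: viaEval.role, evalRanCode, parseRejected, ranAfterParse, prefixedEval };
}

console.log(demo());
```

Client code that still passes responses straight to eval() stops working once the prefix is enabled, so the parser has to strip it explicitly as `parsePrefixedJson` does.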


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:287531