You are correct, but having AJAX handlers that spit out JSON in your server could be considered a "stupid server-side" mistake. And this client-side library almost asks for the developer to create such mistakes. Part of the problem is corrected with server-side measures by using more than just cookies to identify a request.

It is my opinion, after reading the articles about this problem, that having a URL that returns JSON from a DB (I am not talking about SQL injections here) is a stupid mistake, and if I want to use MochiKit in all its capabilities, for now, I have to make this "stupid mistake". I can't even use the documented workaround of putting a "while(1)" or commenting the JSON that my server-side app will put out.

On Apr 3, 9:56 pm, "Matthew Kwiecien" <[EMAIL PROTECTED]> wrote:
> Valerio's (of mootools fame) response when asked to comment on that
> article: "Comment? On this bullshit? [...] Security is made server-side,
> not client side. There is no such thing as security in javascript."
>
> Look, Bob's right. The fact of the matter is that Javascript can be changed
> in any way, shape, or form by the user because it is completely executed on
> the client side. It's stupid to think that you can make Javascript "secure".
> Any security problem in Javascript is 100% because you did something stupid
> server-side, such as take SQL via GET/POST.
>
> Don't blame good toolkits for bad programmers. ;p
