Hi

I am wondering about best practices for Internet Application security. 
I am assuming that the login process should be done using HTTPS so that 
the user name and password are not sent in plain text.  However, how 
should ajax calls be handled?  I do not want just anyone accessing data 
via ajax commands so it seems to me that each request must be 
authenticated in some way.  What mechanisms are people using to ensure 
that requests come from authorized users?

Secondly, data is being sent back via JSON, which in many cases should also 
not be visible, so does that mean the entire application should be run 
using HTTPS?

Thanks,
Simon


_______________________________________________
qooxdoo-devel mailing list
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel