[jQuery] Re: jQuery for DoD web hosting

2010-01-19 Thread justintr
Wouldn't this apply to any Ajax functions in any JS framework? Rey,
how do you suppose they are billing this as a potential security hole
for unauthorized access? I just don't see it. I was really hoping
Chris would contact me.

On Jan 14, 4:51 pm, Rey Bango r...@reybango.com wrote:
 Hey Chris,

 I understand. Unfortunately, without more details, it's going to be
 very hard for us to help. If you can get us more info, we're here to
 listen and help.

 Rey...

 On Thu, Jan 14, 2010 at 4:45 PM, ChrisM manni...@gmail.com wrote:
  Rey, thanks for getting back to me. The issues were flagged as cross-
  site scripting, saying a call to getScript, getJSON etc. leaves the
  door open for unauthorized requests.

  Even though we are sure that we could use this safely in an
  application, we are at the mercy of the scan results. Sorry that I
  can't share more information.

  Thanks,
  Chris
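
Added example, not part of the original thread or of jQuery: the scan finding quoted above concerns getScript and getJSON, and the cases where those calls execute a response as code are script loads and JSONP-style getJSON URLs, so a reviewer can check where each URL points before the call is made. The helper name `checkAjaxUrl`, the page URL and the allowlist are assumptions made for illustration.

```javascript
// Added example (constructed): a pre-flight policy check for URLs passed to
// $.getScript / $.getJSON. checkAjaxUrl is a hypothetical helper, not jQuery API.
function checkAjaxUrl(kind, url, pageUrl, trustedOrigins) {
  const page = new URL(pageUrl);
  let target;
  try {
    target = new URL(url, page); // resolve relative URLs against the page
  } catch (e) {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return { allowed: false, reason: "non-HTTP scheme" };
  }
  if (page.protocol === "https:" && target.protocol !== "https:") {
    return { allowed: false, reason: "insecure transport" };
  }
  // jQuery turns a "=?" query placeholder (e.g. callback=?) into a JSONP
  // request, so the response is executed as script rather than parsed as data.
  const runsAsCode = kind === "script" || /=\?(&|$)/.test(url);
  if (target.origin === page.origin) {
    return { allowed: true, reason: "same origin" };
  }
  if (!trustedOrigins.includes(target.origin)) {
    return { allowed: false, reason: runsAsCode
      ? "script from untrusted origin" : "data from untrusted origin" };
  }
  return { allowed: true, reason: "allowlisted origin" };
}

// Constructed sample values for illustration only.
const PAGE = "https://portal.example.test/app/index.html";
const TRUSTED = ["https://cdn.example.test"];
const samples = [
  ["json", "data/items.json"],
  ["json", "https://feeds.example.net/latest?callback=?"],
  ["script", "https://cdn.example.test/ui/widget.js"],
  ["script", "http://cdn.example.test/ui/widget.js"],
];
for (const [kind, url] of samples) {
  const r = checkAjaxUrl(kind, url, PAGE, TRUSTED);
  console.log(kind, url, "->", r.allowed ? "allow" : "block", "(" + r.reason + ")");
}
```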


[jQuery] Re: jQuery for DoD web hosting

2010-01-14 Thread justintr
Chris,

Check your gmail. I wrote you with some info.

Justin

On Jan 14, 2:43 pm, Rey Bango r...@reybango.com wrote:
 Hi Chris,

 Thanks for the email. I think the best way to help us is to provide us
 with detailed information as to what your security team is having
 issues with. XHR in itself is not a security issue but more in the way
 that a developer manages the requests/responses. If there are specific
 concerns, maybe we can help to address them.

 Rey...

 On Thu, Jan 14, 2010 at 1:13 PM, ChrisM manni...@gmail.com wrote:
  Hello,

  I work on a US Army website and have been using jQuery and UI for some
  time. We have started working on a dynamic hosting environment
  (instead of serving flat html pages) and in the process, ajax
  functions in jQuery 1.3.2 have been flagged as insecure by our DoD
  security team. Although I know that these functions pose no real
  security risk whatsoever, I had no choice but to remove them to get
  jQuery past security scans to a .mil server.

  Now removing some functionality wasn't a problem for me since I am
  pretty familiar with jQuery. However, I wanted to suggest that you
  consider hosting a secure version of jQuery, without the ajax
  functions currently in 1.3, to assist people newer to jQuery who may
  be working in a locked down environment.

  Thanks,
  Chris


[jQuery] What software distributes jQuery?

2010-01-12 Thread justintr
I know that MS Visual Studio 2010 will ship with jQuery. Are there any
products that currently distribute jQuery? For instance, Adobe
Dreamweaver ships with Adobe's framework, Spry. My inquiry regards an
Application Server or an IDE.