Another interesting paper passing through slashdot today is "AJAX: Is your application secure enough?" You can find it at http://www.darknet.org.uk/2006/04/ajax-is-your-application-secure-enough/
Looks to me like an interesting read, fwiw. Much as I like the interactiveness that AJAX brings to the game, I can't help but think that there's tons of room for major security mistakes to be made, if only due to the complexity of knowing what's going on at each tier of the app all the time. Cheers, Ken -- Kenneth R. van Wyk KRvW Associates, LLC http://www.KRvW.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php