Re: [PHP] Premature Ajax-ulation

2007-08-07 Thread Richard Lynch
On Fri, August 3, 2007 8:39 am, Jay Blanchard wrote: > One of my developers saw the following article; > > http://arstechnica.com/news.ars/post/20070802-security-experts-warn-developers-about-the-risks-of-premature-ajax-ulation.html > > How are you securing Ajax? I know that for the most part we

RE: [PHP] Premature Ajax-ulation

2007-08-03 Thread tedd
At 1:17 PM -0500 8/3/07, Jay Blanchard wrote: All of my PHP/Ajax functions are in one file (per application) with a case for each one. I apply typical scrubbing to this too, so I never use stuff as is either. I guess I could take the step of using php to obscure the javascript code. You really

RE: [PHP] Premature Ajax-ulation

2007-08-03 Thread Jay Blanchard
[snip] First, the subject title is LOL. [/snip] I know... I wish I had thought of it! [snip] Second, I don't know about others but every ajax post/get data received is treated like any other post/get data -- it's validated and scrubbed. Most ajax data provided in my scripts are there to trigge

Re: [PHP] Premature Ajax-ulation

2007-08-03 Thread tedd
At 8:39 AM -0500 8/3/07, Jay Blanchard wrote: How are you securing Ajax? I know that for the most part we send data to a PHP script for processing, so all of the normal rules for sending that data apply (mysql_real_escape_string(), etc.) Jay: First, the subject title is LOL. Second, I don't k

Re: [PHP] Premature Ajax-ulation

2007-08-03 Thread Chad Robinson
Jay Blanchard wrote: One of my developers saw the following article; http://arstechnica.com/news.ars/post/20070802-security-experts-warn-developers-about-the-risks-of-premature-ajax-ulation.html How are you securing Ajax? I know that for the most part we send data to a PHP script for processin

Re: [PHP] Premature Ajax-ulation

2007-08-03 Thread Jon Anderson
Stut wrote: Validation, validation, validation. The big danger with doing anything on the client-side is that it's all to easy to fall into blindly trusting what the client is giving you, even the smallest assumption can create a big hole in your app. Don't assume events will happen the way y

Re: [PHP] Premature Ajax-ulation

2007-08-03 Thread Stut
Jay Blanchard wrote: One of my developers saw the following article; http://arstechnica.com/news.ars/post/20070802-security-experts-warn-developers-about-the-risks-of-premature-ajax-ulation.html How are you securing Ajax? I know that for the most part we send data to a PHP script for processin

[PHP] Premature Ajax-ulation

2007-08-03 Thread Jay Blanchard
One of my developers saw the following article; http://arstechnica.com/news.ars/post/20070802-security-experts-warn-developers-about-the-risks-of-premature-ajax-ulation.html How are you securing Ajax? I know that for the most part we send data to a PHP script for processing, so all of the normal
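The pattern the thread converges on, tedd's single dispatch file with one case per Ajax function, Stut's "validation, validation, validation", and the original post's point that Ajax data hits a PHP script like any other POST/GET, written out as an added example. This is not code from any poster in the thread. It uses PDO prepared statements in place of the mysql_real_escape_string() the original post mentions (escaping is a workaround for string-building; bound parameters remove the string-building). The DSN, credentials, table and column names, the `csrf` and `user_id` session keys, and the `X-CSRF-Token` header are all assumptions.

```php
<?php
// ajax.php: one endpoint per application, one case per Ajax function.
// Added example, not code from the thread. DSN, credentials, table, column
// and session key names below are assumptions for illustration.
declare(strict_types=1);

header('Content-Type: application/json; charset=utf-8');

function respond(int $status, array $payload): void
{
    http_response_code($status);
    echo json_encode($payload);
    exit;
}

// 1. An Ajax request is just an HTTP request: the browser sends cookies,
//    so the endpoint must check the session and a CSRF token exactly as a
//    normal form handler would. hash_equals() avoids a timing side channel.
session_start();
if (empty($_SESSION['user_id'])) {
    respond(401, ['error' => 'not logged in']);
}
$token = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (!isset($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $token)) {
    respond(403, ['error' => 'bad csrf token']);
}

// 2. Whitelist the action name. Never derive a function, method or include
//    path from client input; the switch below is the only dispatch table.
$allowed = ['get_user', 'update_email'];
$action  = $_POST['action'] ?? '';
if (!in_array($action, $allowed, true)) {
    respond(400, ['error' => 'unknown action']);
}

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);

switch ($action) {
    case 'get_user':
        // 3. Validate type and range first; filter_input() returns null when
        //    the field is absent and false when it fails validation.
        $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]);
        if ($id === null || $id === false) {
            respond(400, ['error' => 'invalid id']);
        }
        // 4. Bound parameter instead of string concatenation or escaping.
        $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = ?');
        $stmt->execute([$id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        respond($row ? 200 : 404, ['user' => $row ?: null]);

    case 'update_email':
        $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
        if ($email === null || $email === false) {
            respond(400, ['error' => 'invalid email']);
        }
        // 5. The row to update is chosen from the server-side session, not
        //    from a user id the client could supply. Trusting a client-sent
        //    id here is the "blindly trusting the client" hole Stut warns about.
        $stmt = $pdo->prepare('UPDATE users SET email = ? WHERE id = ?');
        $stmt->execute([$email, (int) $_SESSION['user_id']]);
        respond(200, ['updated' => $stmt->rowCount()]);
}
```

The client-side JavaScript that calls this is irrelevant to its security: anything the browser does (field checks, disabled buttons, obscured script) can be bypassed with curl, so every check above runs on the server regardless of what the page's own script already verified.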