Ajax Security : Server Side
AJAX-based Web applications use the same serverside security schemes of regular Web applications
You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programatic)
AJAX-based Web applications are subject to the same security threats as regular Web applications
Ajax Security : Client Side
JavaScript code is visible to a user/hacker. Hacker can use the JavaScript code for inferring server side
weaknesses
JavaScript code is downloaded from the server and executed ("eval") at the client and can compromise the client by mal-intended code
Downloaded JavaScript code is constrained by sand-box security model and can be relaxed for signed JavaScript
|