Secure AJAX Web Applications
Scott Dietzen of Zimbra posted a decent article about security issues in AJAX web applications.
Ajax security considerations. Subject to the additional precautions enumerated below, Ajax applications can be made as highly-secure as the web technologies upon which the Ajax model is based.
The article mentions several issues and Scott has put some thoughts in how to secure their enterprise Outlook replacement, Zimbra.
- Use SSL/TLS (i.e., HTTPS)
- No server-side interpretation of JavaScript or other client-submitted code
- Limited or no client-side interpretation of JavaScript within user data
- RESTful URLs: No HTTP GET requests modify data (only POST or PUT requests)
Technorati Tags: zimbra, ajax, javascript, web2.0, security, web development