Secure AJAX Web Applications

Scott Dietzen of Zimbra posted a decent article about security issues in AJAX web applications.

Ajax security considerations. Subject to the additional precautions enumerated below, Ajax applications can be made as highly-secure as the web technologies upon which the Ajax model is based.

The article covers several issues, and Scott lays out the precautions Zimbra takes to secure its enterprise Outlook replacement:

  • Use SSL/TLS (i.e., HTTPS)
  • No server-side interpretation of JavaScript or other client-submitted code
  • Limited or no client-side interpretation of JavaScript within user data
  • RESTful URLs: No HTTP GET requests modify data (only POST or PUT requests)
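The last three points are coding-level rules, so here is an added example that is not code from Zimbra or from Scott's article: a small in-memory "contacts" service that parses client-submitted text with JSON.parse instead of eval(), only changes data on POST or PUT, and HTML-encodes user data before the client renders it. Every name in it (handle, parseBody, escapeHtml, renderContact, the /contacts paths) is an assumption made up for this example; it runs under Node.js with no browser or network.

```javascript
// Added example (not Zimbra's code): three of the Ajax precautions listed
// above applied to a tiny in-memory contacts service. Names are assumptions.

// Item 2: server-side handling of the request body.
// The pattern to avoid: eval() runs whatever JavaScript the client sent.
// Kept only for contrast; nothing in this example calls it.
function parseBodyUnsafe(body) {
  return eval('(' + body + ')'); // eslint-disable-line no-eval
}

// JSON.parse only builds data structures and throws on anything that is not
// JSON, so client text can never become executable code on the server.
function parseBody(body) {
  try {
    return JSON.parse(body);
  } catch (e) {
    return null; // the caller turns this into a 400
  }
}

// Item 4: a small RESTful dispatcher. GET is read-only; only POST and PUT may
// change the store. Any other method on these paths gets 405.
const contacts = new Map();

function handle(method, path, body) {
  const m = /^\/contacts(?:\/([^/]+))?$/.exec(path);
  if (!m) return { status: 404 };
  const id = m[1];

  if (method === 'GET') {
    // A GET never reads the body, so a "GET with a payload" cannot mutate.
    if (id === undefined) return { status: 200, data: [...contacts.values()] };
    return contacts.has(id) ? { status: 200, data: contacts.get(id) } : { status: 404 };
  }

  if (method === 'POST' && id === undefined) {
    const c = parseBody(body);
    if (!c || typeof c.name !== 'string') return { status: 400 };
    const newId = String(contacts.size + 1); // only POST adds, so ids stay unique
    const record = { id: newId, name: c.name };
    contacts.set(newId, record);
    return { status: 201, data: record };
  }

  if (method === 'PUT' && id !== undefined) {
    if (!contacts.has(id)) return { status: 404 };
    const c = parseBody(body);
    if (!c || typeof c.name !== 'string') return { status: 400 };
    const record = { id, name: c.name };
    contacts.set(id, record);
    return { status: 200, data: record };
  }

  return { status: 405 }; // e.g. POST to /contacts/1, PUT to /contacts, DELETE
}

// Item 3: client-side rendering of user data. The stored name is untrusted
// text; encode it before it is inserted as HTML so that any markup in it is
// displayed literally rather than interpreted by the browser.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Builds the fragment a browser client would assign to innerHTML. In a real
// page, assigning the name to textContent instead of innerHTML does the same job.
function renderContact(contact) {
  return `<li data-id="${escapeHtml(contact.id)}">${escapeHtml(contact.name)}</li>`;
}

// Stand-alone demo on constructed input (skipped when loaded as a module).
if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  console.log(handle('POST', '/contacts', '{"name":"Alice <b>O\'Brien</b>"}'));
  console.log(handle('GET', '/contacts', '{"name":"Mallory"}')); // nothing is added
  console.log(renderContact(handle('GET', '/contacts').data[0]));
}
```

Run it with `node contacts.js`: the POST creates a record, the GET with a body returns the list unchanged, and the rendered `<li>` shows the `<b>` tags as text instead of bold markup.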

Zimbra blog: Securing Ajax.
