Be careful everyone.  Ensure you are protected.


http://news.com.com/8301-...&tag=2547-1040_3-0-10

Seriously, we at PlusNet are looking at using more of Ajax and we have to be very careful at what we expose.  There's always a temptation to jump at the newest buzzword, and Ajax has proved no different for many organisations.  But if people are not careful they could overlook a generation of security concepts and techniques and leave their sites wide open.

I know there are a lot of developers within our userbase and community, so I'm going to be encouraging our very own developers to contribute to this community and share their ideas, thoughts, concerns and lessons.  We may even start our own developer forum within this site.  I'd expect we could learn from our online community just as the community could learn from us.

Dan

Hi Dan,

I'd be willing to get involved in this discussion if you like - I use AJAX a lot (almost exclusively) at a very large broadcasting organisation, to make fantastically dynamic web sites and web applications, and I'm looking to use it to pull information into web sites from various sources to make them more dynamic and easier to maintain.

However, you can't do cross-site AJAX (currently) due to security on the browser, unless you use dynamic JavaScript and JSON, which I think is pretty iffy at the mo'.

Oh, and Hoffman's a scaremonger - none of the issues he cites arise if you write your code properly 

Cheers,

Steve
http://hogsmill.com