Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

Buzz-Enabled Security

By Wired Blogs April 6, 2006 Categories: Web Basics

Hello, everybody. I’ll be filling in while our usual host is away. I’m late to this “blogging” phenomenon you young folks love so much, so please bear with me if my tags aren’t all quite closed yet.

Darknet.org.uk is running an essay called href="http://www.darknet.org.uk/2006/04/ajax-is-your-application-secure-enough/">AJAX: Is Your
Application Secure Enough? which, just as one might expect, explores the issue of
security in AJAX-fueled apps.

Most of the ground covered is applicable to any web application. If your habits are good with
regard to vetting user input and tracking user state (cookies, sessions, et alia), you
shouldn’t have to jump through additional hoops to secure your app once you’ve brought AJAX
on board.

Author Navaho Gunleg suggests tagging HTTP transactions with a pseudorandom token
to make them hard to spoof, which is a fine idea. Mr. Gunleg then exhorts the legions of
bored crackers to take advantage of all the poorly secured AJAX apps out there — yours is
not among them, I’m sure.

Tags: security
Post Comment Comments Permalink Print
Reddit Digg
 
Subscribe now

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year