thr3ads.net - Rails - [Rails] Is AJAX/RJS secure enough for enterprise data hanling? [Jun 2006]

If this information is useful, please help other people find it:
Share via:

Larry Kelly

2006-Jun-02 16:45 UTC

[Rails] Is AJAX/RJS secure enough for enterprise data hanling?

Sure, AJAX and RJS provide snappier performance by reducing the hits on the
server. But, is it easily hacked in a RoR application?  Can it be made as
secure as a non-ajax web -app?

-- 
Best Regards,
-Larry
"Work, work, work...there is no satisfactory alternative."
            --- E.Taft Benson
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060602/06273ae4/attachment.html

Alex Wayne

2006-Jun-02 17:02 UTC

head link

[Rails] Re: Is AJAX/RJS secure enough for enterprise data hanling?

Larry Kelly wrote:> Sure, AJAX and RJS provide snappier performance by reducing the hits on 
> the
> server. But, is it easily hacked in a RoR application?  Can it be made 
> as
> secure as a non-ajax web -app?
There is nothing insecure about about AJAX.  An AJAX request and 
response is no more insecure than any other web request.  As long as you 
validate the credentials of all sensitive requests before the app does 
anything important, you will be fine.  Follow the same security rules 
for AJAX as you do for get and post requests and you will be fine.

The only difference between AJAX and a normal page request is that 
instead of loading a new page, the browser execute javascript in the 
current page instead.  The difference is entirely client side.

-- 
Posted via http://www.ruby-forum.com/.

Seemingly Similar Threads

Search for more possibly parallel threads

Rails - Jun 2006 - Is AJAX/RJS secure enough for enterprise data hanling?

[Rails] Is AJAX/RJS secure enough for enterprise data hanling?

[Rails] Re: Is AJAX/RJS secure enough for enterprise data hanling?

Seemingly Similar Threads