Larry Kelly
2006-Jun-02 16:45 UTC
[Rails] Is AJAX/RJS secure enough for enterprise data handling?
Sure, AJAX and RJS provide snappier performance by reducing the hits on the server. But, is it easily hacked in a RoR application? Can it be made as secure as a non-ajax web-app?

--
Best Regards,
-Larry
"Work, work, work...there is no satisfactory alternative."
--- E.Taft Benson
Alex Wayne
2006-Jun-02 17:02 UTC
[Rails] Re: Is AJAX/RJS secure enough for enterprise data handling?
Larry Kelly wrote:
> Sure, AJAX and RJS provide snappier performance by reducing the hits on the
> server. But, is it easily hacked in a RoR application? Can it be made as
> secure as a non-ajax web-app?

There is nothing insecure about AJAX. An AJAX request and response is no more insecure than any other web request. As long as you validate the credentials of all sensitive requests before the app does anything important, you will be fine.

Follow the same security rules for AJAX as you do for get and post requests and you will be fine. The only difference between AJAX and a normal page request is that instead of loading a new page, the browser executes JavaScript in the current page instead. The difference is entirely client side.

--
Posted via http://www.ruby-forum.com/.
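An added example, not part of the original thread and not Rails code: a plain-Ruby sketch of the point made in the reply above, where the same credential check runs before the action whether or not the request came from AJAX. The `Request` struct, `authorize`, `handle`, the path and the user names are hypothetical and the sample data is constructed.

```ruby
# Added illustration in plain Ruby (no Rails). All names are hypothetical.
Request = Struct.new(:path, :session_user, :headers) do
  # The X-Requested-With header is set by client-side JavaScript and can be
  # forged or omitted, so it may choose the response format but never access.
  def xhr?
    headers["X-Requested-With"] == "XMLHttpRequest"
  end
end

# Constructed sample data: which user may update which record.
OWNERS = { "/accounts/1/update" => "alice" }.freeze

# Runs before every action, for AJAX and full-page requests alike.
def authorize(req)
  return [401, "login required"] if req.session_user.nil?
  return [403, "forbidden"] unless OWNERS[req.path] == req.session_user
  nil
end

def handle(req)
  denied = authorize(req)
  return denied if denied
  # Only past this point does the request type matter: an AJAX caller gets
  # JavaScript to run in the current page, a normal caller gets a new page.
  if req.xhr?
    [200, "$('status').innerHTML = 'saved';"]
  else
    [200, "<html><body>saved</body></html>"]
  end
end

# Same action requested four ways; only the two owner requests succeed.
def sample_results
  xhr = { "X-Requested-With" => "XMLHttpRequest" }
  {
    owner_page: handle(Request.new("/accounts/1/update", "alice", {})),
    owner_ajax: handle(Request.new("/accounts/1/update", "alice", xhr)),
    anon_ajax: handle(Request.new("/accounts/1/update", nil, xhr)),
    other_ajax: handle(Request.new("/accounts/1/update", "mallory", xhr))
  }
end

sample_results.each { |name, (status, body)| puts "#{name}: #{status} #{body}" }
```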