AJAX – Security

 

AJAX Security: Server Side

·        AJAX-based Web applications use the same server-side security schemes of regular Web applications.

·        You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programmatic).

·        AJAX-based Web applications are subject to the same security threats as regular Web applications.

AJAX Security: Client Side

·        JavaScript code is visible to a user/hacker. Hacker can use JavaScript code for inferring server-side weaknesses.

·        JavaScript code is downloaded from the server and executed ("eval") at the client and can compromise the client by mal-intended code.

·        Downloaded JavaScript code is constrained by the sand-box security model and can be relaxed for signed JavaScript.