What can I say... As usual with new technologies, security always arrives a little late (web services passed in plain text without authentication, does that ring a bell...).
I wonder what the world would be like if, before charging ahead at full speed, we did a bit of Threat Analysis...
The warning flags are going up about the increasing use of AJAX in Web applications. It seems as though we're increasing the usability of our apps while dropping our guard on security issues. There's a great post by Dan Sellers on multiple potential vulnerabilities in the misuse of the technology. Here are some of the issues Dan discusses:
- Web services left wide open to denial-of-service attacks on endpoints
- Broader attack surfaces created when the attacker can see function names, variables,...
Link to AJAX: A Hacker's Dream?