
The Security Aspects of Ajax

By Exforsys | on March 22, 2007 |

Security is an important part of Ajax that must be taken into consideration. While Ajax is the subject of a lot of hype, security is something that developers must look at carefully. This new technology is popular because of its ability to create pages which are highly dynamic and interactive. It has also been popularized because of its ability to generate pages that don’t need to be reloaded.

However, it has also been the subject of controversy due to its vulnerability to hackers. While the truth of this is up for debate, the issue of security is something that should be discussed, both by developers and companies that are interested in using Ajax for their web applications or websites.

The biggest problem with Ajax security is that it is hard to separate facts from myths. If this collection of technologies is to be successful on the web, myths must be replaced with facts. It should first be noted that Ajax is not the single most important factor in determining whether or not a website will be secure. However, you must know what it is responsible for. Ajax is a collection of technologies that are closely related to browsers. If a page is built with Ajax, the data exchanged in the background may be formatted as XML or JavaScript. This information must be sent to the server. With applications such as Gmail, new email messages must be shown instantly as they arrive.

With applications such as Google Maps, the user may drag the mouse through street maps without having to visit any more pages. The mechanism that allows these data transfers to take place is a set of software libraries built around objects called XMLHttpRequest objects. It is this object that makes a website truly an Ajax site. Without it, the website can simply be called a fancy JavaScript site. As you read this, you may be wondering what it has to do with security. After all, Ajax is supposed to make the web more interactive, correct? The answer to this question is yes. Nothing is altered on the web server, and this is where security is supposed to be present.

Now that you know this, you may be wondering what all the fuss is about. Many people have said that Ajax invites attacks, fake requests, and worst of all, denial of service. However, it is important for people to realize that these issues existed long before the introduction of Ajax, and they will exist even if Ajax does not live up to all the hype. The most important security practices must be used whether you are utilizing Ajax or another technology. I’m primarily concerned with the issues that are the most important. All the evidence shows that Ajax is not responsible for large attack surfaces. The phrase "attack surface" is used to describe the portions of the system that are most likely to be compromised.

In the case of software, these points are the places where data output and input can be altered by someone who is not authorized to do it. If your program has a small attack surface, it will be much easier to secure the system. If it has a large attack surface, it will be harder. With most web applications, the attack surface is heavily dependent on the programming that was used to create it. Whether or not the application uses Flash or Ajax is totally irrelevant.
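The point that the checks belong on the server regardless of how the request was made can be shown with a small handler. This is an added example, not code from the original article: the endpoint, the handler name `handleInboxPoll`, the session store and the sample requests are all constructed assumptions, modelled on the kind of background poll a mail page makes with XMLHttpRequest.

```javascript
// Constructed sample data: server-side session store and mailbox.
const SESSIONS = new Map([["s-alice", "alice"], ["s-bob", "bob"]]);
const MESSAGES = [
  { id: 1, owner: "alice", subject: "Welcome" },
  { id: 2, owner: "bob", subject: "Invoice" },
  { id: 3, owner: "alice", subject: "Meeting moved" },
];

// Hypothetical handler for GET /inbox/new?after=<id>, the background
// request an XMLHttpRequest would send to fetch newly arrived mail.
function handleInboxPoll(req) {
  // 1. Authenticate from server-side state. The X-Requested-With header
  //    is set by the client and proves nothing, so it is never consulted.
  const user = SESSIONS.get(req.cookies.sid);
  if (!user) return { status: 401, body: { error: "not signed in" } };

  // 2. Validate input: a plain decimal integer and nothing else.
  const raw = String(req.query.after ?? "0");
  if (!/^\d{1,9}$/.test(raw)) {
    return { status: 400, body: { error: "bad 'after' value" } };
  }
  const after = Number(raw);

  // 3. Authorize output: the owner comes from the session, never from
  //    a client-supplied parameter such as req.query.user.
  const items = MESSAGES
    .filter((m) => m.owner === user && m.id > after)
    .map(({ id, subject }) => ({ id, subject }));
  return { status: 200, body: { items } };
}

// Constructed requests: one sent by the page's own script, three altered.
const xhr = { "x-requested-with": "XMLHttpRequest" };
const samples = {
  genuine: { cookies: { sid: "s-alice" }, query: { after: "1" }, headers: xhr },
  noSession: { cookies: {}, query: { after: "0" }, headers: xhr },
  otherUser: { cookies: { sid: "s-bob" }, query: { after: "0", user: "alice" }, headers: {} },
  badInput: { cookies: { sid: "s-alice" }, query: { after: "1.5abc" }, headers: {} },
};

for (const [name, req] of Object.entries(samples)) {
  console.log(name, JSON.stringify(handleInboxPoll(req)));
}
```

The handler gives the same answer whether or not the request carries the XMLHttpRequest header, which is why the attack surface here is the endpoint's input and output rather than the use of Ajax.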

Ajax is a technology that is closely related to web browsers. There is no need for it to be executed on the server. It should also be noted that many developers have said that Ajax is not more complicated than standard applications.

Believe it or not, Google Maps is much simpler than Craigslist, even though Google Maps is designed with Ajax. Just because something is designed with a new technology does not always mean it is more complex than existing technologies. In the case of web applications, this also doesn’t mean that it is less secure. Many Ajax applications are built on platforms that are much more secure than older technologies.

Author Description

The Editorial Team at Exforsys is an IT consulting and training team led by Chandra Vennapoosa.
