0sec06 - 1.0
0sec 2006
a private security event for friends
| Speakers | |
|---|---|
| | Schnitz |
| Schedule | |
|---|---|
| Day | 3 |
| Room | Talk |
| Start time | 13:00 |
| Duration | 01:00 |

| Info | |
|---|---|
| ID | 6 |
| Type | Lecture |
| Track | Talks |
| Language | English |
Web 2.0 creates a need for a more secure web?
On the security implications of AJAX and how XForms may in fact be considerably more secure while offering many of the same benefits:
JavaScript is not a problem that can be solved by encouraging good web programming. It is about deliberate malicious attacks using a powerful programming language that, by design, bypasses firewalls, virus protection, and anything else you have in place to run on your computer - unannounced. If anything, AJAX only shows how powerful JavaScript is, because its current use in 'Web 2.0' websites was never foreseen by its creators.
AJAX can be replaced by a safer way to create Web 2.0 applications - XForms. XForms, a dialect of XML, is designed precisely to allow the sort of asynchronous jiggery-pokery used in AJAX, and can be integrated with safe server-side scripts to have the same effect.