
Ajax vulnerable to attack???

    • Bob Ateah
    • Elite Rocketeer
    • Posts: 4521
    • Thanks: 0

    Ajax vulnerable to attack???

    Posted 18 years 2 weeks ago
    • I was reading this article and am somewhat concerned about the safety of using Ajax.
      Any thoughts from you RT'ers - just how concerned should we be?

      Snippet from the article wrote:
      Fortify Software, which said it discovered the new class of vulnerability and has named it "JavaScript hijacking", said that almost all the major Ajax toolkits have been found vulnerable.
    • The member formerly known as Roland Deschain
      After your question is solved, please Edit your original post and choose the Solved message icon, thank you!
    • Matthew
    • Hero Rocketeer
    • Posts: 299
    • Thanks: 0

    Re: Ajax vulnerable to attack???

    Posted 18 years 2 weeks ago
    • I'd be curious to see the actual anatomy of such an attack.

      AJAX is fundamentally untrustworthy since anything running on the user's machine should be considered suspect. If they have a trojan/virus/toolbar/whatever on their system, any AJAX script could be modified to do something that it should not do.

      AJAX, by its nature, cannot access resources on a different domain than the one that it is being run on, but there are possible ways around that as well (like using a PHP script as a proxy to access another domain).

      I'm not using AJAX in anything that I do (other than self-contained widgets that use it), as none of the AJAX frameworks for Joomla! that I have looked at really wowed me, although I do have some long-term projects that would benefit from it, so I'll keep you posted if I find anything.
    • www.gofftech.com Web Design
    • Bob Ateah
    • Elite Rocketeer
    • Posts: 4521
    • Thanks: 0

    Re: Ajax vulnerable to attack???

    Posted 18 years 2 weeks ago
    • Thanks Matthew.
      I am somewhat concerned that Moo.fx is apparently affected by this vulnerability.

      Here's another article on this situation (The Register).

      Snippet from the article wrote:
      The attack uses a <script> tag to get around the "Same Origin Policy" enforced by web browsers - traditional web applications aren't vulnerable as they don't use JavaScript for data transport.

      I just want to be informed about this situation, forewarned is forearmed.

      Cheers!
    • The member formerly known as Roland Deschain
      After your question is solved, please Edit your original post and choose the Solved message icon, thank you!
    • Matthew
    • Hero Rocketeer
    • Posts: 299
    • Thanks: 0

    Re: Ajax vulnerable to attack???

    Posted 18 years 2 weeks ago
    • Well, perusing the article, it looks like the main vulnerability lies in sending sensitive data through JavaScript. So, if using mooFX for graphics, you are probably fine.

      If you are writing a Web email app, though, and are communicating someone's email back and forth, and not using XML for the datastream, then you are tempting fate.

      Thanks for bringing this up, though, as I had not really even been thinking about security when evaluating AJAX platforms, and now I will.
    • www.gofftech.com Web Design
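
An added example, not part of the thread or of the articles it quotes: a defensive illustration of why a bare JSON array is exposed to a `<script>` include and how a server can return data that is unusable that way. The handler names, the guard prefix, the header check and the sample inbox are assumptions constructed for illustration.

```javascript
// Added example. All names and sample data here are constructed.
// Unparseable prefix; assumption: client and server agree on this value.
const GUARD = ")]}',\n";

// Does this response body compile as a script? A <script src=...> include of
// the endpoint only yields anything if it does. new Function() compiles the
// text but never runs it, so this is a pure syntax check.
function compilesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Server side (hypothetical handler): refuse requests a <script> tag could
// have issued, and guard the JSON that is returned.
function respond(req, data) {
  // A <script> include is always a GET and cannot set custom headers.
  const fromXhr = req.headers["x-requested-with"] === "XMLHttpRequest";
  if (req.method !== "POST" || !fromXhr) {
    return { status: 403, body: "" };
  }
  return { status: 200, body: GUARD + JSON.stringify(data) };
}

// Client side: same-origin XHR code reads the raw text, strips the guard,
// then parses the remainder as data instead of executing it.
function parseGuarded(text) {
  if (!text.startsWith(GUARD)) throw new Error("missing guard prefix");
  return JSON.parse(text.slice(GUARD.length));
}

// Constructed sample of the kind of sensitive data the thread mentions.
const inbox = [{ from: "alice@example.com", subject: "Q3 numbers" }];

console.log("bare array is valid script:", compilesAsScript(JSON.stringify(inbox)));
const reply = respond(
  { method: "POST", headers: { "x-requested-with": "XMLHttpRequest" } },
  inbox
);
console.log("guarded body is valid script:", compilesAsScript(reply.body));
console.log("legitimate client still reads:", parseGuarded(reply.body)[0].subject);
```

The bare array compiles as a script while the guarded body does not, which is the difference that matters when the data is sensitive.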
