What are the security issues with AJAX?

What are the security issues with AJAX?

The Ajax calls are sent in plain text format, this might lead to insecure database access. The data gets stored on the clients browser, thus making the data available to anyone. It also allows monitoring browsing sessions by inserting scripts.

AJAX function calls are sent in plain text to server. These calls may easily reveal database details, variable names etc

User’s browsing session can be monitored my maliciously inserting scripts

Ajax may encourage developers to use multiple server side pages thereby introducing multiple entry points for attackers

- A JavaScript can not access the local file system without the user's permission.
- An AJAX interaction can only be made with the servers-side component from which the page was loaded.
- A proxy pattern could be used for AJAX interactions with external services.
- The application model should not be exposed as some user might be able to reverse engineer the application.
- HTTPS can be used to secure the connection when confidential information is being exchanged.

Describe how to handle concurrent AJAX requests
How to handle concurrent AJAX requests - This is done by using JavaScipt closures. Functions can be written to handle such requests.
When should AJAX NOT be used?
When should AJAX NOT be used? - AJAX should not be used for critical data and transactions to avoid security breaches and to avoid situations...
How do you know that an AJAX request has completed?
readyState allows determining the request status. If the value is 4, it means that the request has been completed and response is then sent to the browser....
Post your comment