What are the security issues with AJAX?The Ajax calls are sent in plain text format, this might lead to insecure database access. The data gets stored on the clients browser, thus making the data available to anyone. It also allows monitoring browsing sessions by inserting scripts.
AJAX function calls are sent in plain text to server. These calls may easily reveal database details, variable names etc
User’s browsing session can be monitored my maliciously inserting scripts
Ajax may encourage developers to use multiple server side pages thereby introducing multiple entry points for attackers
- An AJAX interaction can only be made with the servers-side component from which the page was loaded.
- A proxy pattern could be used for AJAX interactions with external services.
- The application model should not be exposed as some user might be able to reverse engineer the application.
- HTTPS can be used to secure the connection when confidential information is being exchanged.