In an interesting Ars Technica posting about AJAX, the dangers of relying on AJAX verification are well outlined.
It's important to remember that since AJAX runs on the client, it is liable to be interfered with and manipulated. It's vitally important to ensure that important business logic is implemented on the server side.
AJAX is really useful in improving the user experience, making sites more interactive and useful. However, data of any importance needs to be (re)verified on the server, where the web site provider has secure control.
While this does mean a duplication of effort - client side for the user experience / server side for security and reliability - it has to be done.
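To make the duplication concrete, here is an added example (not from the Ars Technica article or this post) of the server-side half: a check that re-validates an AJAX order request and recomputes the total from server-held prices instead of trusting what the browser sent. `CATALOG`, `validateOrder` and the field names are hypothetical, and the sample requests are constructed.

```javascript
// Server-held price list (hypothetical). The client never supplies prices.
const CATALOG = Object.freeze({
  "sku-100": { priceCents: 1999, maxQty: 10 },
  "sku-200": { priceCents: 4500, maxQty: 2 },
});

// Re-verify a parsed JSON request body on the server. Any client-side
// checks are treated as a UX convenience only and are repeated here.
function validateOrder(body) {
  if (body === null || typeof body !== "object" ||
      !Array.isArray(body.items) || body.items.length === 0) {
    return { ok: false, errors: ["items must be a non-empty array"], totalCents: 0 };
  }
  const errors = [];
  let totalCents = 0;
  body.items.forEach((item, i) => {
    const sku = item && item.sku;
    // Own-property lookup so keys like "__proto__" are not treated as products.
    const known = typeof sku === "string" &&
      Object.prototype.hasOwnProperty.call(CATALOG, sku);
    if (!known) { errors.push(`items[${i}]: unknown sku`); return; }
    const { priceCents, maxQty } = CATALOG[sku];
    // Strict integer check: rejects "2", 1.5, -5, NaN and missing values.
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > maxQty) {
      errors.push(`items[${i}]: qty must be an integer from 1 to ${maxQty}`);
      return;
    }
    totalCents += priceCents * item.qty;
  });
  // The total is always recomputed; a differing client value is rejected
  // (and is worth logging as a sign of a stale or modified client).
  if (errors.length === 0 && body.totalCents !== totalCents) {
    errors.push("client total does not match server-computed total");
  }
  return { ok: errors.length === 0, errors, totalCents };
}

// Constructed sample requests: one as the page's script would send it,
// one where the total was changed before it reached the server.
const honest = { items: [{ sku: "sku-100", qty: 2 }], totalCents: 3998 };
const modified = { items: [{ sku: "sku-100", qty: 2 }], totalCents: 1 };
console.log(validateOrder(honest));
console.log(validateOrder(modified));
```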