O'Reilly logo

Securing Ajax Applications by Christopher Wells

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Security Concerns

So, we still have this big elephant of a paradox hanging out in the room. How do we open up all this functionality, share all this data, and call it secure at the same time?

Are we really supposed to just hand out whatever anyone asks for just because they asked? Well, no, of course not. But how are you going to know who asked for the data? Or that the service you're trying to use is legit? How is the incoming data being validated? Does it contain malicious code? What kind of data are we exposing? Who are we exposing it to? Where is the Security 2.0 to go along with Web 2.0?

Authentication

Psst! Hey, buddy? Wanna buy an iPod real cheap? There's a reason why people are more likely to buy an iPod from someplace like Best Buy rather than from Fast Freddie down at the end of the block, sporting a well-stocked trench coat: authenticity—sounds an awful lot like authentication, doesn't it? You know, authentic—worthy of trust. Or better still, verifiable origin. With Best Buy you know where the iPod came from, but with Fast Freddie you don't.

A store like Best Buy needs a verifiable origin. That way it can show you that it is dependable, you know where to find it, and it is not going to go anywhere. The same holds true for web sites too. It is easy to fake a web site. It is easy to make someone believe she is at a legitimate web site. I don't know about you, but I would feel much more comfortable purchasing items from a well-known online retailer such as eBay or Amazon than ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required