Comments

Experts Say Ajax Not Inherently Insecure

chefjoeardee Re:Where the heck did this hype come from? (82 comments)

Gah. I hate to keep posting things repeatedly but my thinking is fragmented today :)

I don't think it's similar to a FORM at all; you can get the user to access other sites that they wouldn't normally access and get a parseable response from that site (as I mentioned above). I plan on testing this out some more with a friend of mine to see if I can grab their modem's information remotely.

If you're using AJAX in a legitimate fashion (e.g., requesting information from the original server) then yeah, it is as simple as a FORM request (maybe some session verification with PHP), but this manner I just outlined completely defeats that.

more than 7 years ago

Submissions

chefjoeardee hasn't submitted any stories.

Journals

chefjoeardee has no journal entries.
