MarketingVOX: Though the programming language Asynchronous JavaScript and XML (AJAX), used to power Web 2.0 applications like Kayak and Google Maps, is more popular than ever, its lack of security may put a damper on Web 2.0.
According to Information Week, SPI Dynamics demonstrated AJAX's security holes at the Black Hat USA 2007 conference.
The company showed several ways to break down a contrived AJAX-based website, HackerVacations.com, using readily available resources such as books and material on the web. SPI was able to manipulate the site's flight pricing, seat selection, and other features.
Since AJAX makes greater use of the client, hackers have greater access to an application's code.
According to CMSWire, AJAX can also hurt the site ranking of a content-driven destination. If a URL's content is in a near-constant state of change, search engines neglect to index it.
The solution is for AJAX programmers to write code carefully, or abstain from using the code altogether. Another option is to obscure your source code.
AJAX is a popular component in Web 2.0 offerings like Gmail, which is popular among young professionals.