Pops, there was a big discussion a few months back on this subject that you may benefit from. Do a search for "ajax securing"; there was also another big discussion that happened a few months back that I had bookmarked, but I just recently deleted my bookmarks and I could not find it easily in the group. But that search should get you going.
Hope this helps.

On 8/9/07, Pops <[EMAIL PROTECTED]> wrote:
>
> I have a generic security question related to AJAX:
>
> Are there any established techniques, methods or recommendations on how a server can distinguish an AJAX call versus a LINK call vs a manual ADDRESS BAR call?
>
> Is the Http request header Referrer, one method to consider?
>
> Now that we are doing more AJAX calls, we see that we need to make sure we have control over how unrestricted AJAX calls are done. I think we already concluded that we will restrict any AJAX call to our web services to a POST only. Not the best solution to address injection vulnerabilities, but it might limit the population of would be wannabe hackers.
>
> Comments?
>

--
Benjamin Sterling
http://www.KenzoMedia.com
http://www.KenzoHosting.com

