I found something at http://ajax.phpmagazine.net/ajax_security
I'm doing more searching here. Thanks.

On Aug 9, 10:06 am, "Benjamin Sterling" <[EMAIL PROTECTED]> wrote:
> Pops, there was a big discussion a few months back on this subject that you
> may benefit from. Do a search for "ajax securing"; there was also another
> big discussion that happened a few months back that I had bookmarked, but
> I just recently deleted my bookmarks and I could not find it easily in the
> group. But that search should get you going.
>
> Hope this helps.
>
> On 8/9/07, Pops <[EMAIL PROTECTED]> wrote:
>
> > I have a generic security question related to AJAX:
> >
> > Are there any established techniques, methods or recommendations on how a
> > server can distinguish an AJAX call versus a LINK call vs a manual
> > ADDRESS BAR call?
> >
> > Is the HTTP request header Referrer one method to consider?
> >
> > Now that we are doing more AJAX calls, we see that we need to make
> > sure we have control over how unrestricted AJAX calls are done. I
> > think we already concluded that we will restrict any AJAX call to our
> > web services to a POST only. Not the best solution to address
> > injection vulnerabilities, but it might limit the population of would-be
> > wannabe hackers.
> >
> > Comments?
>
> --
> Benjamin Sterling
> http://www.KenzoMedia.com
> http://www.KenzoHosting.com

