Once exposed, functionality or information such as this can thoroughly compromise the
security of the web application. In addition, each AJAX framework offers different levels
of built-in protections for web applications that use it. For example, some AJAX
frameworks offer built-in protection for cross-site request forgery (CSRF) attacks, while
others require that developers build their own protections into their applications.

Two different styles of AJAX frameworks can have significantly different impacts on the
security of a web application. The first type of framework is known as a proxy or server
framework. This style of framework is generally installed on the web server along with the
web application. Once installed, it acts as a proxy between the web application on the server
and the client. The proxy framework first creates JavaScript that describes the methods that
the web application on the server contains. This JavaScript is then sent down to the client so
that when the client wants to call methods on the server, the request is sent to the proxy first,
which then reformats the request and passes on the method to the server. The data that
results from the call is then passed from the server to the proxy, which reformats the data
and sends it down to the JavaScript in the client.
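
The proxy flow described above, as an added example that is not from the original text or from any real framework: a toy proxy that generates the client-side JavaScript and dispatches calls, run once with every server method exposed and once with an explicit allowlist. The service object, method names, the /rpc endpoint and the send() transport named in the stub are all assumptions made for illustration.

```javascript
// Added illustration: every name here is hypothetical, not a real framework API.
const service = {
  getProfile(userId) { return { userId, name: "constructed-user" }; },
  listOrders(userId) { return [`order-for-${userId}`]; },
  resetAllPasswords() { return "admin-only action ran"; }, // never meant for clients
};

// Weak setting: the proxy describes every function it finds on the service.
function reflectAll(svc) {
  return Object.keys(svc).filter((k) => typeof svc[k] === "function");
}

// Hardened setting: only methods the developer listed are described or callable.
function allowlisted(svc, allow) {
  const own = (k) => Object.prototype.hasOwnProperty.call(svc, k);
  return allow.filter((k) => own(k) && typeof svc[k] === "function");
}

// The JavaScript the proxy sends down to the client to describe server methods.
// send() stands for the client's transport function (assumed, not defined here).
function generateClientStub(names, endpoint) {
  const lines = names.map((n) =>
    `  ${n}: (...args) => send(${JSON.stringify(endpoint)}, ${JSON.stringify(n)}, args)`);
  return `const api = {\n${lines.join(",\n")}\n};`;
}

// Proxy dispatch: parse the client request, check it against the exposed set,
// call the server method, and reformat the result for the client.
function dispatch(svc, names, body) {
  let req;
  try { req = JSON.parse(body); } catch { req = null; }
  if (req === null || typeof req !== "object" || typeof req.method !== "string" ||
      !Array.isArray(req.args) || !names.includes(req.method)) {
    return JSON.stringify({ error: "rejected" });
  }
  return JSON.stringify({ result: svc[req.method](...req.args) });
}

const weak = reflectAll(service);
const hardened = allowlisted(service, ["getProfile", "listOrders"]);
const call = JSON.stringify({ method: "resetAllPasswords", args: [] }); // constructed request
console.log(generateClientStub(weak, "/rpc"));     // stub lists resetAllPasswords
console.log(dispatch(service, weak, call));        // the admin method runs
console.log(generateClientStub(hardened, "/rpc")); // stub omits it
console.log(dispatch(service, hardened, call));    // rejected
```

The generated stub is itself the disclosure: whatever the proxy describes is readable by every client, so the exposed set has to be checked at dispatch as well as at stub generation.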