The other style of AJAX framework, a client
framework, generally functions as an aide to a developer writing a new AJAX application.
These frameworks focus on providing the developer with a number of prewritten widgets
and effects that they can easily incorporate into their AJAX applications.
The differences between the two styles of frameworks, including how they transfer data
between the client and server and how you determine which framework is in use, are
explored in more detail in Chapter 6. Due to the differences in functionality these two classes
of AJAX frameworks provide, they will be analyzed in different ways in this chapter.
This chapter covers several AJAX frameworks of both the proxy and client types. For
each server framework, information is provided about the framework, common installation
steps, and their potential effect on security. A discussion of common exposures that
could lead to security issues is also included.
While they will be marked with the ???Attack??? icon, these issues are not in and of themselves attacks but
rather exposures that could easily lead to security issues.
In the case of client frameworks, information is provided here about the framework
as well as a discussion of a main attack surface, the serialization format.
Pages:
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322