Published on 2005-08-15 10:38:31

Earle Castledine has posted an article on DevX titled "Using the XMLHttpRequest Object and AJAX to Spy On You", showing the evil side of AJAX applications. The example he provides, which uses eval to load and run another JavaScript, is convincing.

But I'm wondering why this manipulation: if a JavaScript is malicious, it is!! It could be loaded without any need for AJAX, and it's called a JavaScript bug. What I'll say is that there are probably bugs in JavaScript implementations, and there are also bugs in server-side programming languages, but security issues are always related to the programmer's code.

A programmer can make his code secure using common protections, depending on the programming language he's using. The question now is: which website can we trust!! And the answer is that there are many ways to trust a website: use of a certificate, a privacy policy ...; otherwise, there is even a CSS exploit that could be used to spy on users.



Member of the PHP Magazine Network, Copyright (C) 2005-2008 phpmagazine.net All Rights Reserved