Sure, AJAX and RJS provide snappier performance by reducing the hits on
the
server. But, is it easily hacked in a RoR application? Can it be made
as
secure as a non-ajax web -app?
Larry K. wrote:
Sure, AJAX and RJS provide snappier performance by reducing the hits on
the
server. But, is it easily hacked in a RoR application? Can it be made
as
secure as a non-ajax web -app?
There is nothing insecure about about AJAX. An AJAX request and
response is no more insecure than any other web request. As long as you
validate the credentials of all sensitive requests before the app does
anything important, you will be fine. Follow the same security rules
for AJAX as you do for get and post requests and you will be fine.
The only difference between AJAX and a normal page request is that
instead of loading a new page, the browser execute javascript in the
current page instead. The difference is entirely client side.