Forum: Ruby on Rails Is AJAX/RJS secure enough for enterprise data handling?

Larry Kelly (ldk2005)
on 2006-06-02 18:46
(Received via mailing list)
Sure, AJAX and RJS provide snappier performance by reducing the hits on
the server. But, is it easily hacked in a RoR application?  Can it be
made as secure as a non-ajax web-app?
Alex Wayne (Guest)
on 2006-06-02 19:01
Larry Kelly wrote:
> Sure, AJAX and RJS provide snappier performance by reducing the hits on
> the server. But, is it easily hacked in a RoR application?  Can it be
> made as secure as a non-ajax web-app?

There is nothing insecure about AJAX.  An AJAX request and
response is no more insecure than any other web request.  As long as you
validate the credentials of all sensitive requests before the app does
anything important, you will be fine.  Follow the same security rules
for AJAX as you do for GET and POST requests and you will be fine.

The only difference between AJAX and a normal page request is that
instead of loading a new page, the browser executes JavaScript in the
current page instead.  The difference is entirely client side.
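
The rule from the reply above, as an added example that is not part of the original thread: one handler checks credentials and ownership before acting, and the AJAX marker only selects the response format. It is plain Ruby with Rack-style env hashes rather than Rails so it runs stand-alone; the session table, account data, route and the client-side `notice` function are assumptions.

```ruby
# Added example: plain Ruby, Rack-style env hashes, no Rails or gems required.
# SESSIONS, ACCOUNTS and the route are constructed sample data (assumptions).
SESSIONS = { "s-alice" => "alice", "s-bob" => "bob" }.freeze
ACCOUNTS = { "1" => { owner: "alice", balance: 100 } }

# X-Requested-With is set by the client, so it may only choose the response
# format. It must never take part in the access decision.
def xhr?(env)
  env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest"
end

# Resolve the session cookie to a user name, or nil when absent or unknown.
def current_user(env)
  sid = env["HTTP_COOKIE"].to_s[/(?:\A|;\s*)session=([^;]+)/, 1]
  SESSIONS[sid]
end

# Handles POST /accounts/:id/close for full-page and AJAX requests alike.
def close_account(env)
  return respond(env, 405, "method not allowed") unless env["REQUEST_METHOD"] == "POST"
  id = env["PATH_INFO"].to_s[%r{\A/accounts/(\d+)/close\z}, 1]
  user = current_user(env)
  return respond(env, 401, "login required") if user.nil?
  account = ACCOUNTS[id]
  return respond(env, 404, "no such account") if account.nil?
  return respond(env, 403, "not your account") unless account[:owner] == user
  account[:closed] = true
  respond(env, 200, "account #{id} closed")
end

# Same status code either way; only the body format differs.
# `notice` is a hypothetical function defined by the page's own JavaScript.
def respond(env, status, message)
  if xhr?(env)
    [status, { "Content-Type" => "text/javascript" }, ["notice(#{message.inspect});"]]
  else
    [status, { "Content-Type" => "text/html" }, ["<p>#{message}</p>"]]
  end
end

# Builds a constructed request and runs it through the handler.
def request(cookie: nil, xhr: false, method: "POST", path: "/accounts/1/close")
  env = { "REQUEST_METHOD" => method, "PATH_INFO" => path }
  env["HTTP_COOKIE"] = cookie if cookie
  env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest" if xhr
  close_account(env)
end
```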