The explosion of AJAX-enabled Web sites and applications has raised security concerns about this dynamic, XML-based technology. Most scripting technologies are restricted to the server or the client—not both, as is the case with Asynchronous JavaScript and XML. Combining scripting on both the client and server would be problematic enough with the introduction of dynamic URLs and data in both environments, but when these elements join with XML and a SOA-like execution paradigm, security concerns are serious. XML security vendor Forum Systems, for example, issued an AJAX security alert earlier this year, and version 2.1 of the Open Web Application Security Project Guide will include a chapter on AJAX.
展开▼
机译:启用AJAX的网站和应用程序的爆炸式增长引发了对这种基于XML的动态技术的安全性担忧。大多数脚本技术只限于服务器或客户端,而不能像异步JavaScript和XML那样仅限于服务器或客户端。在这两种环境中引入动态URL和数据时,将客户端和服务器上的脚本结合在一起将很成问题,但是当这些元素与XML和类似SOA的执行范例结合在一起时,安全性便很严重。例如,XML安全供应商Forum Systems在今年早些时候发布了AJAX安全警报,而《 Open Web Application Security项目指南》的2.1版将包括有关AJAX的一章。
展开▼
