Ajax technology could increase security threats

Ajax| Security

Analysts warn that organizations that consider using asynchronous JavaScript and XML (AJAX) technologies to create more dynamic Web pages need to make sure that they do not inadvertently open their web portals to other applications, and that these applications can be safe without using AJAX.

Analysts say that while Ajax itself does not create a new security risk, it is highly likely to expand the severity of several security threats that are already well understood, including SQL data concealment (SQL injections), cross-site scripting (cross-site scripting) and service denial of attack.

There is a related case: This week's yamanner mass mail worm. In this case, the Yamanner worm has infected thousands of users with an apparent cross-site scripting error on Yahoo's e-mail service. The worm is accompanied by a message titled "New Graphic Site" into the user's Yahoo mailbox, which is activated when the user opens an infected e-mail message.

In contrast to Web pages written in HTML, companies use AJAX programming techniques to add new content to a Web page at any time without reloading the entire page, greatly increasing the responsiveness of the corporate web site to customer input. These web sites, which use JavaScript and XML technology, allow browsers to read a small amount of data from the Web server.