CERIAS Weblogs » Shiflett on the danger of cross-domain AJAX scripting

Ed Finkler

Ed Finkler is the Web and Security Archive Administrator for CERIAS. He is a member of the PHP Security Consortium, and on better days thinks of himself as an expert in web application security and interface design.

Chris Shiflett has posted a good piece in his blog on the potential danger of cross-domain AJAX scripting (digg here). When Chris and I discussed this at OSCON, I was pretty surprised that anyone would think that violating the same-origin restrictions was in any way a good idea. His post gives a good example of how dangerous this would be.

One Response to “Shiflett on the danger of cross-domain AJAX scripting”

  1. Chris Shiflett Says:

    Thanks for the link. :-)

    Now there’s more to the story:

    http://shiflett.org/archive/263
