Questions tagged [ajax]

AJAX (Asynchronous JavaScript and XML) is a popular technique for creating interactive websites, by providing a concept for data exchange between client and server asynchronously.

124 questions
53 votes, 6 answers

Does injecting querystring values directly into HTML pose a security risk?

Someone reported a bug on my site that I don't really consider an issue. My site has a URL akin to this: www.site.com/ajax/ads.asp?callback=[text injection] So the file type is application/json, and I don't see how that can affect the security of the site. His…
Daniel
28 votes, 3 answers

Security risks with JSONP?

What are the security risks with JSONP? Is using JSONP in a new web application reasonable, from a security perspective, or is it better to use a different method for cross-origin web mashups? If using JSONP is reasonable, what steps should I take…
D.W.
23 votes, 2 answers

Can a website make an HTTP request to "localhost"? How does it get around the cross-domain policy?

I found this website which talks about fixing a Redis vulnerability by exploiting that same vulnerability. The website in question has a "patch me" button, and if you have a password-less Redis server running on your machine, it will patch it. In…
Daniel Magliola
21 votes, 3 answers

What is the point of the same-domain rule for xmlhttprequest when script tags/JSONP can cross domains?

I get that I don't want a page loaded from stackoverflow.com to be able to request gmail.com on my behalf and read my email, but this seems to be simply a cookie issue. Since JSONP bypasses same-origin entirely, I want to know why, instead of making…
XP84
17 votes, 4 answers

Is AJAX fundamentally insecure?

Possible Duplicate: How to do Ajax securely? At my workplace many people believe that AJAX is fundamentally insecure. I am under the impression that AJAX is exactly as secure as any other page load; it depends on how you code the call/page. Is…
C. Ross
15 votes, 4 answers

Is CSRF possible if I don't even use cookies?

I have a REST API that is using an access token which is sent either in a header or as a URL query. I don't use cookies at all. Am I still vulnerable to CSRF attacks? I know that I would be if I used cookies, since another tab can send a request and cookies…
sed
15 votes, 1 answer

How are Ajax requests vulnerable to CSRF attacks if the Same-origin policy is applied?

What I know about CSRF is that a malicious website tricks a normal user into issuing a request to a trusted website using a form. I understand that is possible because we can post forms to different domains. However, I see posts on Stack Overflow…
Songo
15 votes, 2 answers

How to do Ajax securely?

This question is inspired by this security question https://security.stackexchange.com/questions/1707 What are the threats in using Ajax? (Please note I am talking about security threats, not feature drawbacks) How do I do Ajax securely? (Please…
Kim Stacks
15 votes, 4 answers

How does CSRF correlate with Same Origin Policy?

I'm trying to understand what roles CSRF and same origin play in the grand scheme of things. With CSRF, I'm able to pretty much do anything on other websites on clients by making requests. Same Origin Policy (SOP) preserves the data of other…
user1217974
12 votes, 1 answer

Should I include a random padding in every HTTPS request and response?

According to the following paper, it is possible to decrypt HTTPS traffic by inspecting AJAX calls and using the size parameter as a cryptographic oracle. Should I be sending a variable length payload alongside every HTTPS GET or POST? Is that…
makerofthings7
11 votes, 3 answers

Set-Cookie in XHR response: how do different browsers handle this?

If I send an XHR request to example.com and the response has Set-Cookie: dummyCookie=dummy in it, how do different browsers handle this? Does any version of any browser set the cookie for example.com, so that it will travel in subsequent…
Sachin Kumar
10 votes, 1 answer

PUT vs. POST for password update

I am writing a User Management system that has to include a change of password utility. We don't front-end hash passwords (hopefully we will soon). As a result passwords are passed over https in the clear whenever a user is edited or his password is…
ford prefect
10 votes, 1 answer

Drawbacks of storing an authentication token on the client side?

I am working on an ASP.NET MVC web application, which fetches its data from an API in the back. So authentication is currently done via ASP.NET Forms Authentication, which means the client sends email and password to the website, the website…
asp_net
10 votes, 3 answers

How can I prevent reflected XSS in my JSON web services?

I have a web service that takes POST data (JSON) and returns part of the request object in the JSON response. This is open to XSS if the response is rendered as HTML by the browser, since someone could add arbitrary HTML to the request object. What…
Flash
9 votes, 1 answer

Designing single-sign-on with JSONP/CORS?

I like the way that OAuth/OpenID can authenticate/identify a user from another domain, but only if the other domain allows it (presumably on the user's instructions). I would like to do something similar, but using CORS AJAX or an alternative like…
cloudfeet