Talk:Ajax Stub
From Ajax Patterns
There's an archived version of this pattern available, taken from the Ajax Pattern book draft, showing roughly how it appeared before the page became publicly editable.
Just a couple of minor things:
- Capitalisation of DWR in the quote "Access to dwr can be restricted using the declarative security built into the servlet spec."
and
- typo down near the "Real world examples" in the DWR section "ADWR" should be "DWR"
Nath
How can this be remotely secure? Even with encryption?
How can anyone think that the sqlproxy is safe?
For example, in your JS code you may want to get a user's email based on a userId you have.
So you encrypt the SQL statement: "SELECT email from users where id=[USERID]"
Let's say the encrypted statement becomes "O6kJ%2B%2FV6mqoUXn4fUAggeOs9mf9Qu377tZ4".
But then anyone could just query your whole database via:
http://mydomain.com/sqlproxy.aspx?USERID=1&q=O6kJ%2B%2FV6mqoUXn4fUAggeOs9mf9Qu377tZ4
http://mydomain.com/sqlproxy.aspx?USERID=2&q=O6kJ%2B%2FV6mqoUXn4fUAggeOs9mf9Qu377tZ4
http://mydomain.com/sqlproxy.aspx?USERID=3&q=O6kJ%2B%2FV6mqoUXn4fUAggeOs9mf9Qu377tZ4
http://mydomain.com/sqlproxy.aspx?USERID=4&q=O6kJ%2B%2FV6mqoUXn4fUAggeOs9mf9Qu377tZ4
...and so on...
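The concern raised in the comment above, as an added example that is not part of the original discussion or of any Ajax Patterns code: a proxy that trusts a client-supplied USERID next to an opaque statement token, beside a variant that takes the row id from the server-side session. The handler names, session store, token and user rows are all assumptions constructed for illustration.

```javascript
// Constructed sample data standing in for the users table.
const USERS = new Map([
  [1, { email: "alice@example.test" }],
  [2, { email: "bob@example.test" }],
  [3, { email: "carol@example.test" }],
]);

// Constructed opaque token; stands in for the encrypted
// "SELECT email from users where id=[USERID]" statement.
const TOKEN = "constructed-opaque-token";
const STATEMENTS = new Map([[TOKEN, (id) => USERS.get(id)?.email ?? null]]);

// Hypothetical session store: session id -> authenticated user id.
const SESSIONS = new Map([["sess-alice", 1]]);

// Proxy as described in the comment: a valid token plus any USERID runs.
function proxyAsDescribed(req) {
  const stmt = STATEMENTS.get(req.query.q);
  if (!stmt) return { status: 400, body: null };
  return { status: 200, body: stmt(Number(req.query.USERID)) };
}

// Hardened variant: the row id comes from the server-side session,
// and a client-supplied USERID that disagrees is refused.
function proxyHardened(req) {
  const sessionUser = SESSIONS.get(req.sessionId);
  if (sessionUser === undefined) return { status: 401, body: null };
  const stmt = STATEMENTS.get(req.query.q);
  if (!stmt) return { status: 400, body: null };
  const asked = req.query.USERID;
  if (asked !== undefined && Number(asked) !== sessionUser) {
    return { status: 403, body: null };
  }
  return { status: 200, body: stmt(sessionUser) };
}

// Regression check: how many rows one session can read by varying USERID.
function rowsReadable(handler, sessionId) {
  let n = 0;
  for (const id of USERS.keys()) {
    const res = handler({ sessionId, query: { q: TOKEN, USERID: String(id) } });
    if (res.status === 200 && res.body) n++;
  }
  return n;
}
```

Encrypting the statement hides its text but does not authorize the parameter; a check like `rowsReadable` belongs in the test suite so the exposure cannot return unnoticed.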
