Ajax Security threats

2 posts, 0 answers
  1. PascalE
    3 posts
    Member since:
    Nov 2006

    Posted 04 Apr 2007

    I thought it worthwhile to post this article on the newsgroup.

    The article exposes recent findings of possible "JavaScript" attacks that tap into the lack of "same origin policy" found in transports like JSON.
    Will and can Telerik help make their controls less vulnerable to these attacks?

    (A note: After I had written this post, I realized that there is already a thread about this: http://www.telerik.com/community/forums/thread/b311D-ttage.aspx)

    Apologies if this post is in the wrong group.


  2. Mike
    524 posts
    Member since:
    Feb 2007

    Posted 04 Apr 2007

    I do not believe that combobox and treeview are affected, since they essentially call an event (ItemsRequested and NodeExpand respectively) in the same page they are located, so if this very page is under Forms Authentication, directly requesting it with GET parameters will fail and a login page will be shown instead.