PHPDeveloper.org: ONLamp.com: Points of Attack: PHP and Ajax

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Dave Marshall's Blog: Competition: PHP Job Hunters Handbook up for grabs

Job Posting: LIVESTRONG.com/Demand Media Inc. Seeks Senior PHP Software Developer (Santa Monica, CA)

Job Posting: Children's Hospital Boston Seeks Open Source Web Developer (Boston, MA)

Job Posting: eReleases Seeks Zend/PHP Developer (Baltimore, MD)

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

News Archive

Site News: Blast from the Past - One Year Ago in PHP

Community News: phpGG Frontend Special

devReview.com: The Big List of PHP Frameworks

Kana Yeh's Blog: Review Ivo Jansch's Guide to Enterprise PHP development

Jani Hartikainen's Blog: Another idea for using models with forms

DevShed: PHP Programs to Prevent MySQL Injection or HTML Form Abuse

Misko Hevery's Blog: Guide: Writing Testable Code

Daniel Cousineau's Blog: Zend Framework Module Init Script (Controller Plugin)

Adobe Developer Connection: Integrated PHP and Flex Development with Zend Studio and Flex Builder

PHPFreaks.com: Protecting php applications with PHPIDS

ONLamp.com:
Points of Attack PHP and Ajax

by Chris Cornutt August 28, 2007 @ 11:11:00

Matthew McCool has a few reminders for developers out there thinking of using Ajax in your applications - mainly to remember that it has the potential of adding another vulnerability to your application.

Consider a registration form built out of PHP. Any aspect of your script that accepts and processes data is a potential point of attack. If you add Ajax, what you're doing is increasing the complexity of the application and, by extension, introducing greater vulnerability. More points of entry equal a larger attack surface, and that means potential problems for your application.

He continues his login form example and mentions a few things you could do to help protect your application and its users (including using the escaping functions built in to PHP to help remove some harmful input).

0 comments voice your opinion now!
point attack ajax opening login form filter input function point attack ajax opening login form filter input function

Similar Posts

DevShed: Structuring Your Projects for Web Application Security

Pro-PHP Podcast: Interview with Jim Plush of Panasonic

PHP-Learn-it.com: Starting with PHP and AJAX

Joshua Eichorn's Blog: I'll be speaking at php/works

Tnx.nl: PHP in Contrast to Perl

Community Events

Don't see your event here?
Let us know!

All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework