AJAX poses security, performance risks

With the increasing popularity of Ajax/Atlas as the new 'holy grail' of development, it easy to predict the number of security problems in all of that javascript and xml flying all over the place.

The folks over at the secure development mailing list have some references to an e-week article on some of the potential security risks with AJAX, and also have a nice paper on some of the things to watch out for as an ajax developer.

"AJAX dramatically increases the amount of XML network traffic being transmitted, exposing applications to Web services vulnerabilities; AJAX extends Web services from business-to-business to business-to-consumer and transforms a user's Web browser into a Web services portal, thus exposing it to potentially corrupted data that can cause the browser to crash or perform poorly; malformed messages can disrupt server performance due to excessive parsing and exception handling; and XML messages can consume more than double the bandwidth of traditional binary data formats, leading to systemwide performance degradation"

Thanks to Rob Hurlbut for putting this up in his blog.