JSON Highjacking and ASP.Net AJAX

[tags: ASP.NET, AJAX / “Atlas”, Security]

As some of you may have read recently, there have been reports of javascript vulnerabilities in a number of available AJAX frameworks. While I don’t currently have the expertise to comment on the merits of the reports, Scott Guthrie has posted a discussion of how ASP.NET AJAX 1.0 addresses the threat of JSON hijacking, including disabling web method invocation via GET requests by default.

Read the whole thing


Published with BlogMailr

Comments (0)