JSON Highjacking and ASP.Net AJAX
[tags: ASP.NET, AJAX / “Atlas”, Security]
As some of you may have read recently, there have been reports of javascript vulnerabilities in a number of available AJAX frameworks. While I don’t currently have the expertise to comment on the merits of the reports, Scott Guthrie has posted a discussion of how ASP.NET AJAX 1.0 addresses the threat of JSON hijacking, including disabling web method invocation via GET requests by default.
Published with BlogMailr