Protecting a JavaScript Service
[06 Apr 2007|06:21pm]
13:37 05.04.2007
There is increasing buzz over security with JavaScript, and people are stepping up to the plate.
In How to Protect a JSON or Javascript Service, Joe Walker looks at a few solutions such as:
- Use a Secret in the Request
- Force pre-eval() Processing
- Force POST requests
Joe implements some of these in DWR, including:
Prefix the script with a throw new Error("message"); statement. This is a neat solution in that it lets you explain what is wrong to users who get the message by mistake.
Andrea Giammarchi asks whether 130 bytes are enough to solve JavaScript JSON Hijacking problems?, a post in which he discusses tactics for detecting the hijacking of your objects and comes up with solutions such as this:
JAVASCRIPT:
// Stash any toString that has been bolted onto the XMLHttpRequest constructor, delete it so the
// native string form shows through, and accept the object only if it still stringifies as expected.
if((function(c,m,t){t=c[m];delete c[m];if(/^\[XMLHttpRequest\]$/.test(c)){c[m]=t;return 1}})(XMLHttpRequest,"toString"))
  alert("Valid XMLHttpRequest");
else
  alert("XMLHttpRequest is corrupted");
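To show what Joe Walker's throw-prefix idea looks like end to end, here is an added example (not code from his post or from DWR): the server prepends the throw statement, a cross-site script include dies on that first statement, and the legitimate client strips the prefix before parsing. The guard text and the sample payload are constructed for illustration.

```javascript
// Constructed guard string; any fixed text the client knows to expect will do.
const GUARD = 'throw new Error("This service must be called via XMLHttpRequest");';

// Server side: emit the guard before the JSON so the body is not usable as a <script src>.
// An array payload is used because a bare top-level array is valid script (the form a
// script include could otherwise read); a bare object literal is a syntax error anyway.
function guardResponse(data) {
  return GUARD + "\n" + JSON.stringify(data);
}

// Client side (the "pre-eval() processing" step): insist on the exact guard, then parse
// only what follows it. A body without the guard is rejected rather than parsed.
function parseGuardedResponse(body) {
  if (typeof body !== "string" || !body.startsWith(GUARD)) {
    throw new Error("response is missing the anti-hijacking prefix");
  }
  const json = body.slice(GUARD.length).replace(/^\s+/, "");
  return JSON.parse(json);
}

// Check that evaluating the raw body as script aborts on the guard, which is what
// happens when another origin includes the service URL via a script tag.
function guardedBodyThrows(body) {
  try {
    new Function(body)(); // compiles and runs the body as a standalone script
    return false;
  } catch (e) {
    return e instanceof Error &&
      e.message === "This service must be called via XMLHttpRequest";
  }
}
```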
Finally, the GWT team has published an article on Security for GWT Applications that delves into how GWT handles JavaScript vulnerabilities such as leaking data, cross-site scripting, forging requests, JSON and XSRF.
A lot of good stuff.
read more at Ajaxian
Update Firebug to 1.0.4
[06 Apr 2007|06:21pm]
07:00 06.04.2007
Update: go get 1.04; it's a more robust fix for the security issue. Read Joe's comment here.
Joe Hewitt has posted an update to Firebug that you should grab right away as it fixes a couple of issues and covers a 0-day security hole.
The update has been published to addons.mozilla.org, so you can get it by updating Firebug from the Firefox Add-ons window. Alternatively, you can install the update using the big orange button on the getfirebug.com home page.
read more at Ajaxian
Multiplayer Connect 4
[06 Apr 2007|06:21pm]
08:04 06.04.2007
Azer Koçulu developed a multi-player platform for Connect4 using PHP and JavaScript. It is possible to play the game simultaneously at multiple tables and chat with your opponents by opening multiple game windows.
So, if you are fed up with wasting time at work on Twitter, jump over and play some Connect 4!
read more at Ajaxian
Jester: JavaScriptian REST
[06 Apr 2007|06:21pm]
10:45 06.04.2007
The nice giant robots have smashed away a JavaScript REST implementation that is inspired by the Rails ActiveResource library.
Jester builds on Prototype and ObjTree, a nice DOM parsing engine for JavaScript.
Take a peek at how it works via the examples (run in Firebug):
JAVASCRIPT:
Base.model("User")
Base.model("Child", "http://www.thoughtbot.com", "child", "children")

var eric = User.find(1)
//GET http://localhost:3000/users/1.xml

var floyd = User.create({name: "Floyd Wright", email: "tfwright@thoughtbot.com"})
//POST http://localhost:3000/users.xml

var chad = User.build({email: "cpytel@thoughtbot.com", name: "Chad Pytel"})
chad.new_record()
chad.save()
Holy client-side programming batman!
( via Alex MacCaw )
read more at Ajaxian
TIBCO announces General Interface Test Automation Kit
[06 Apr 2007|06:21pm]
12:59 06.04.2007
TIBCO GI has released a new test automation kit:
To further support rapid Ajax application development cycles in the enterprise, TIBCO has released TIBCO General Interface Test Automation Kit, a free, open source kit optimized for functional, unit and regression testing of solutions built with its TIBCO General Interface Ajax toolkit. The testing suite extends the popular Selenium TestRunner open source project with additional libraries and features that streamline the testing cycles for Ajax applications, components, and portlets.
It is a very smart move to take Selenium and add features on top of that, instead of starting from scratch.
read more at Ajaxian