Comments on: AJAX is Evil – Demo at Facebook http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102 Blog of Sven Vetsch / Disenchant Tue, 02 Mar 2010 12:16:03 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: TakingOff http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102/comment-page-1#comment-166464 TakingOff Thu, 11 Dec 2008 22:08:19 +0000 http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102#comment-166464 Hmmm, I am tempted to try this. Hmmm, I am tempted to try this.

]]> By: rubenriojas http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102/comment-page-1#comment-161383 rubenriojas Wed, 12 Nov 2008 21:36:45 +0000 http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102#comment-161383 Good post. Good post.

]]> By: travis http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102/comment-page-1#comment-61551 travis Mon, 10 Dec 2007 12:48:39 +0000 http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102#comment-61551 Sven, Nice article, I always enjoy reading your site. Its funny how new implementations of code always introduces the same vulnerabilities. Ajax just adds another complex layer that allows for worms to spread (e.g. Samy). Phishing XSS = Owned, I'm not sure may people get that. Keep up the good articles. travis http://travisaltman.com Sven,

Nice article, I always enjoy reading your site. Its funny how new implementations of code always introduces the same vulnerabilities. Ajax just adds another complex layer that allows for worms to spread (e.g. Samy). Phishing XSS = Owned, I’m not sure may people get that. Keep up the good articles.

travis

http://travisaltman.com

]]> By: Daniel http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102/comment-page-1#comment-60568 Daniel Thu, 06 Dec 2007 09:08:57 +0000 http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102#comment-60568 Nice article. I just wanted to say what John said. But the article is good because when I do AJAX stuff, I spend most time for testing and optimizing it, and that often results in having less time to check the incoming data on the server side. Nice article. I just wanted to say what John said. But the article is good because when I do AJAX stuff, I spend most time for testing and optimizing it, and that often results in having less time to check the incoming data on the server side.

]]> By: Disenchant http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102/comment-page-1#comment-60353 Disenchant Wed, 05 Dec 2007 20:18:31 +0000 http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102#comment-60353 Hi John, of course you're right, AJAX isn't evil itself because of Javascript and XML aren't (at least from my point of view) at all. The problem is that as I wrote in my blog posting, developers aren't aware of the threads which they have to deal with when they're using AJAX, even if the problems are the same as they already know about. So the answer to the question, if the technologies for AJAX (Javascript and XML) are evil is as I already wrote NO but the answer of the question if it's evil to use AJAX for everything just for make it good looking, even if the developers don't know the risks is YES. So I really have to say, that the title of my blog posting isn't perfect but I think people will get the point anyway :) Hi John,
of course you’re right, AJAX isn’t evil itself because of Javascript and XML aren’t (at least from my point of view) at all. The problem is that as I wrote in my blog posting, developers aren’t aware of the threads which they have to deal with when they’re using AJAX, even if the problems are the same as they already know about. So the answer to the question, if the technologies for AJAX (Javascript and XML) are evil is as I already wrote NO but the answer of the question if it’s evil to use AJAX for everything just for make it good looking, even if the developers don’t know the risks is YES. So I really have to say, that the title of my blog posting isn’t perfect but I think people will get the point anyway :)

]]> By: John J. http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102/comment-page-1#comment-60345 John J. Wed, 05 Dec 2007 19:24:30 +0000 http://www.disenchant.ch/blog/ajax-is-evil-demo-at-facebook/102#comment-60345 Ajax, in and of itself, isn't evil, just as PHP isn't evil (yes, I know it has its own internal flaws, but most of the problems come from outside the core). Developers who ignore good security rules are evil. Developers need to realize that nothing that comes from outside their personal code is going to be clean; there is no security gained in obscurity. Ajax, in and of itself, isn’t evil, just as PHP isn’t evil (yes, I know it has its own internal flaws, but most of the problems come from outside the core). Developers who ignore good security rules are evil. Developers need to realize that nothing that comes from outside their personal code is going to be clean; there is no security gained in obscurity.

]]>