[tags: ASP.NET, AJAX / “Atlas”, Security]

As some of you may have read recently, there have been reports of javascript vulnerabilities in a number of available AJAX frameworks. While I don’t currently have the expertise to comment on the merits of the reports, Scott Guthrie has posted a discussion of how ASP.NET AJAX 1.0 addresses the threat of JSON hijacking, including disabling web method invocation via GET requests by default.

Read the whole thing


Published with BlogMailr