I am considering using AHAH extensively on a project and am concerned about security. Couldn’t an attacker inject malicious code into my response that would then be executed in the client? If my AJAX response is JSON, I don’t have to worry about this because if things are tampered with the JSON will no longer be valid.
On the other hand, it doesn’t seem that AHAH is any greater risk than any normal non-https request. Is there something that I am missing, or what are some other thoughts?
Couldn’t they do that to a normal page that does not have Ajax? Ajax is a normal HTTP request. There is nothing new here, same security rules apply.
If they can tamper with HTML in AHAH, they can tamper with the JSON/XML/Text in those requests so it is valid.
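The point made in the exchange above, as an added JavaScript example written for this page (not code from either poster): a tampered JSON body can still be well-formed, so validity is no integrity check; whether tampered content ends up executing depends on how the client inserts it into the page, and transport integrity is what HTTPS provides, whatever the format. The sample bodies, function names and the `untrusted()` marker are constructed for the demo.

```javascript
// Constructed responses, as they might arrive after on-the-wire tampering.
// Both are well-formed for their format; neither "breaks" by being modified.
const TAMPERED_HTML_FRAGMENT = '<p>Hello</p><img src=x onerror="untrusted()">';
const TAMPERED_JSON_BODY =
  '{"greeting":"Hello <img src=x onerror=\\"untrusted()\\">"}';

// Well-formedness check: JSON.parse succeeding says nothing about who
// produced the body or whether it was changed in transit.
function isWellFormedJson(body) {
  try {
    JSON.parse(body);
    return true;
  } catch (e) {
    return false;
  }
}

// Escape the characters that would let data be read as markup, so an
// untrusted string can only ever render as text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// AHAH-style client: the response *is* the markup and is inserted as-is
// (the equivalent of element.innerHTML = body in a browser).
function renderAhah(body) {
  return body;
}

// JSON-style client: the response is data; each value is escaped before it
// becomes markup. This escaping step, not JSON validity, is what makes the
// JSON path safer in practice.
function renderJson(body) {
  const data = JSON.parse(body);
  return `<p>${escapeHtml(data.greeting)}</p>`;
}

// Does the rendered markup contain a real tag carrying an event-handler
// attribute? Escaped text (&lt;img ...) does not count, because it is not a tag.
function containsEventHandlerTag(markup) {
  return /<\w+[^>]*\son\w+\s*=/i.test(markup);
}

console.log('tampered JSON still well-formed:', isWellFormedJson(TAMPERED_JSON_BODY));
console.log('AHAH path yields live handler:', containsEventHandlerTag(renderAhah(TAMPERED_HTML_FRAGMENT)));
console.log('JSON path yields live handler:', containsEventHandlerTag(renderJson(TAMPERED_JSON_BODY)));
```

The same tampering succeeds against both bodies; only the rendering step differs, which is why the defence is HTTPS for integrity plus escaping (or safe DOM APIs) for anything inserted as markup.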